Table of Contents
A low-level client representing AWS IoT
AWS IoT provides secure, bi-directional communication between Internet-connected devices (such as sensors, actuators, embedded devices, or smart appliances) and the AWS cloud. You can discover your custom IoT-Data endpoint to communicate with, configure rules for data processing and integration with other services, organize resources associated with each device (Registry), configure logging, and create and manage policies and credentials to authenticate devices.
The service endpoints that expose this API are listed in AWS IoT Core Endpoints and Quotas . You must use the endpoint for the region that has the resources you want to access.
The service name used by AWS Signature Version 4 to sign the request is: execute-api .
For more information about how AWS IoT works, see the Developer Guide .
For information about how to use the credentials provider for AWS IoT, see Authorizing Direct Calls to AWS Services .
import boto3
client = boto3.client('iot')
These are the available methods:
Accepts a pending certificate transfer. The default state of the certificate is INACTIVE.
To check for pending certificate transfers, call ListCertificates to enumerate your certificates.
See also: AWS API Documentation
Request Syntax
response = client.accept_certificate_transfer(
certificateId='string',
setAsActive=True|False
)
[REQUIRED]
The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)
None
Exceptions
Adds a thing to a billing group.
See also: AWS API Documentation
Request Syntax
response = client.add_thing_to_billing_group(
billingGroupName='string',
billingGroupArn='string',
thingName='string',
thingArn='string'
)
dict
Response Syntax
{}
Response Structure
Exceptions
Adds a thing to a thing group.
See also: AWS API Documentation
Request Syntax
response = client.add_thing_to_thing_group(
thingGroupName='string',
thingGroupArn='string',
thingName='string',
thingArn='string',
overrideDynamicGroups=True|False
)
dict
Response Syntax
{}
Response Structure
Exceptions
Associates a group with a continuous job. The following criteria must be met:
See also: AWS API Documentation
Request Syntax
response = client.associate_targets_with_job(
targets=[
'string',
],
jobId='string',
comment='string',
namespaceId='string'
)
[REQUIRED]
A list of thing group ARNs that define the targets of the job.
[REQUIRED]
The unique identifier you assigned to this job when it was created.
The namespace used to indicate that a job is a customer-managed job.
When you specify a value for this parameter, AWS IoT Core sends jobs notifications to MQTT topics that contain the value in the following format.
$aws/things/*THING_NAME* /jobs/*JOB_ID* /notify-namespace-*NAMESPACE_ID* /
Note
The namespaceId feature is in public preview.
dict
Response Syntax
{
'jobArn': 'string',
'jobId': 'string',
'description': 'string'
}
Response Structure
(dict) --
jobArn (string) --
An ARN identifying the job.
jobId (string) --
The unique identifier you assigned to this job when it was created.
description (string) --
A short text description of the job.
Exceptions
Attaches a policy to the specified target.
See also: AWS API Documentation
Request Syntax
response = client.attach_policy(
policyName='string',
target='string'
)
[REQUIRED]
The name of the policy to attach.
[REQUIRED]
The identity to which the policy is attached. For example, a thing group or a certificate.
None
Exceptions
Attaches the specified policy to the specified principal (certificate or other credential).
Note: This API is deprecated. Please use AttachPolicy instead.
Danger
This operation is deprecated and may not function as expected. This operation should not be used going forward and is only kept for the purpose of backwards compatiblity.
See also: AWS API Documentation
Request Syntax
response = client.attach_principal_policy(
policyName='string',
principal='string'
)
[REQUIRED]
The policy name.
[REQUIRED]
The principal, which can be a certificate ARN (as returned from the CreateCertificate operation) or an Amazon Cognito ID.
None
Exceptions
Associates a Device Defender security profile with a thing group or this account. Each thing group or account can have up to five security profiles associated with it.
See also: AWS API Documentation
Request Syntax
response = client.attach_security_profile(
securityProfileName='string',
securityProfileTargetArn='string'
)
[REQUIRED]
The security profile that is attached.
[REQUIRED]
The ARN of the target (thing group) to which the security profile is attached.
dict
Response Syntax
{}
Response Structure
Exceptions
Attaches the specified principal to the specified thing. A principal can be X.509 certificates, IAM users, groups, and roles, Amazon Cognito identities or federated identities.
See also: AWS API Documentation
Request Syntax
response = client.attach_thing_principal(
thingName='string',
principal='string'
)
[REQUIRED]
The name of the thing.
[REQUIRED]
The principal, which can be a certificate ARN (as returned from the CreateCertificate operation) or an Amazon Cognito ID.
dict
Response Syntax
{}
Response Structure
(dict) --
The output from the AttachThingPrincipal operation.
Exceptions
Check if an operation can be paginated.
Cancels a mitigation action task that is in progress. If the task is not in progress, an InvalidRequestException occurs.
See also: AWS API Documentation
Request Syntax
response = client.cancel_audit_mitigation_actions_task(
taskId='string'
)
[REQUIRED]
The unique identifier for the task that you want to cancel.
{}
Response Structure
Exceptions
Cancels an audit that is in progress. The audit can be either scheduled or on demand. If the audit isn't in progress, an "InvalidRequestException" occurs.
See also: AWS API Documentation
Request Syntax
response = client.cancel_audit_task(
taskId='string'
)
[REQUIRED]
The ID of the audit you want to cancel. You can only cancel an audit that is "IN_PROGRESS".
{}
Response Structure
Exceptions
Cancels a pending transfer for the specified certificate.
Note Only the transfer source account can use this operation to cancel a transfer. (Transfer destinations can use RejectCertificateTransfer instead.) After transfer, AWS IoT returns the certificate to the source account in the INACTIVE state. After the destination account has accepted the transfer, the transfer cannot be cancelled.
After a certificate transfer is cancelled, the status of the certificate changes from PENDING_TRANSFER to INACTIVE.
See also: AWS API Documentation
Request Syntax
response = client.cancel_certificate_transfer(
certificateId='string'
)
[REQUIRED]
The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)
Exceptions
Cancels a Device Defender ML Detect mitigation action.
See also: AWS API Documentation
Request Syntax
response = client.cancel_detect_mitigation_actions_task(
taskId='string'
)
[REQUIRED]
The unique identifier of the task.
{}
Response Structure
Exceptions
Cancels a job.
See also: AWS API Documentation
Request Syntax
response = client.cancel_job(
jobId='string',
reasonCode='string',
comment='string',
force=True|False
)
[REQUIRED]
The unique identifier you assigned to this job when it was created.
(Optional) If true job executions with status "IN_PROGRESS" and "QUEUED" are canceled, otherwise only job executions with status "QUEUED" are canceled. The default is false .
Canceling a job which is "IN_PROGRESS", will cause a device which is executing the job to be unable to update the job execution status. Use caution and ensure that each device executing a job which is canceled is able to recover to a valid state.
dict
Response Syntax
{
'jobArn': 'string',
'jobId': 'string',
'description': 'string'
}
Response Structure
(dict) --
jobArn (string) --
The job ARN.
jobId (string) --
The unique identifier you assigned to this job when it was created.
description (string) --
A short text description of the job.
Exceptions
Cancels the execution of a job for a given thing.
See also: AWS API Documentation
Request Syntax
response = client.cancel_job_execution(
jobId='string',
thingName='string',
force=True|False,
expectedVersion=123,
statusDetails={
'string': 'string'
}
)
[REQUIRED]
The ID of the job to be canceled.
[REQUIRED]
The name of the thing whose execution of the job will be canceled.
(Optional) If true the job execution will be canceled if it has status IN_PROGRESS or QUEUED, otherwise the job execution will be canceled only if it has status QUEUED. If you attempt to cancel a job execution that is IN_PROGRESS, and you do not set force to true , then an InvalidStateTransitionException will be thrown. The default is false .
Canceling a job execution which is "IN_PROGRESS", will cause the device to be unable to update the job execution status. Use caution and ensure that the device is able to recover to a valid state.
A collection of name/value pairs that describe the status of the job execution. If not specified, the statusDetails are unchanged. You can specify at most 10 name/value pairs.
None
Exceptions
Clears the default authorizer.
See also: AWS API Documentation
Request Syntax
response = client.clear_default_authorizer()
{}
Response Structure
Exceptions
Confirms a topic rule destination. When you create a rule requiring a destination, AWS IoT sends a confirmation message to the endpoint or base address you specify. The message includes a token which you pass back when calling ConfirmTopicRuleDestination to confirm that you own or have access to the endpoint.
See also: AWS API Documentation
Request Syntax
response = client.confirm_topic_rule_destination(
confirmationToken='string'
)
[REQUIRED]
The token used to confirm ownership or access to the topic rule confirmation URL.
{}
Response Structure
Exceptions
Creates a Device Defender audit suppression.
See also: AWS API Documentation
Request Syntax
response = client.create_audit_suppression(
checkName='string',
resourceIdentifier={
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string'
},
expirationDate=datetime(2015, 1, 1),
suppressIndefinitely=True|False,
description='string',
clientRequestToken='string'
)
[REQUIRED]
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
[REQUIRED]
Information that identifies the noncompliant resource.
The ID of the certificate attached to the resource.
The ID of the CA certificate used to authorize the certificate.
The ID of the Amazon Cognito identity pool.
The client ID.
The version of the policy associated with the resource.
The name of the policy.
The ID of the version of the policy associated with the resource.
The account with which the resource is associated.
The ARN of the IAM role that has overly permissive actions.
The ARN of the role alias that has overly permissive actions.
[REQUIRED]
The epoch timestamp in seconds at which this suppression expires.
This field is autopopulated if not provided.
dict
Response Syntax
{}
Response Structure
Exceptions
Creates an authorizer.
See also: AWS API Documentation
Request Syntax
response = client.create_authorizer(
authorizerName='string',
authorizerFunctionArn='string',
tokenKeyName='string',
tokenSigningPublicKeys={
'string': 'string'
},
status='ACTIVE'|'INACTIVE',
tags=[
{
'Key': 'string',
'Value': 'string'
},
],
signingDisabled=True|False
)
[REQUIRED]
The authorizer name.
[REQUIRED]
The ARN of the authorizer's Lambda function.
The public keys used to verify the digital signature returned by your custom authentication service.
Metadata which can be used to manage the custom authorizer.
Note
For URI Request parameters use format: ...key1=value1&key2=value2...
For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."
For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{
'authorizerName': 'string',
'authorizerArn': 'string'
}
Response Structure
(dict) --
authorizerName (string) --
The authorizer's name.
authorizerArn (string) --
The authorizer ARN.
Exceptions
Creates a billing group.
See also: AWS API Documentation
Request Syntax
response = client.create_billing_group(
billingGroupName='string',
billingGroupProperties={
'billingGroupDescription': 'string'
},
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The name you wish to give to the billing group.
The properties of the billing group.
The description of the billing group.
Metadata which can be used to manage the billing group.
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{
'billingGroupName': 'string',
'billingGroupArn': 'string',
'billingGroupId': 'string'
}
Response Structure
(dict) --
billingGroupName (string) --
The name you gave to the billing group.
billingGroupArn (string) --
The ARN of the billing group.
billingGroupId (string) --
The ID of the billing group.
Exceptions
Creates an X.509 certificate using the specified certificate signing request.
Note: The CSR must include a public key that is either an RSA key with a length of at least 2048 bits or an ECC key from NIST P-256 or NIST P-384 curves.
Note: Reusing the same certificate signing request (CSR) results in a distinct certificate.
You can create multiple certificates in a batch by creating a directory, copying multiple .csr files into that directory, and then specifying that directory on the command line. The following commands show how to create a batch of certificates given a batch of CSRs.
Assuming a set of CSRs are located inside of the directory my-csr-directory:
On Linux and OS X, the command is:
$ ls my-csr-directory/ | xargs -I {} aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/{}
This command lists all of the CSRs in my-csr-directory and pipes each CSR file name to the aws iot create-certificate-from-csr AWS CLI command to create a certificate for the corresponding CSR.
The aws iot create-certificate-from-csr part of the command can also be run in parallel to speed up the certificate creation process:
$ ls my-csr-directory/ | xargs -P 10 -I {} aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/{}
On Windows PowerShell, the command to create certificates for all CSRs in my-csr-directory is:
> ls -Name my-csr-directory | %{aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/$_}
On a Windows command prompt, the command to create certificates for all CSRs in my-csr-directory is:
> forfiles /p my-csr-directory /c "cmd /c aws iot create-certificate-from-csr --certificate-signing-request file://@path"
See also: AWS API Documentation
Request Syntax
response = client.create_certificate_from_csr(
certificateSigningRequest='string',
setAsActive=True|False
)
[REQUIRED]
The certificate signing request (CSR).
dict
Response Syntax
{
'certificateArn': 'string',
'certificateId': 'string',
'certificatePem': 'string'
}
Response Structure
(dict) --
The output from the CreateCertificateFromCsr operation.
certificateArn (string) --
The Amazon Resource Name (ARN) of the certificate. You can use the ARN as a principal for policy operations.
certificateId (string) --
The ID of the certificate. Certificate management operations only take a certificateId.
certificatePem (string) --
The certificate data, in PEM format.
Exceptions
Use this API to define a Custom Metric published by your devices to Device Defender.
See also: AWS API Documentation
Request Syntax
response = client.create_custom_metric(
metricName='string',
displayName='string',
metricType='string-list'|'ip-address-list'|'number-list'|'number',
tags=[
{
'Key': 'string',
'Value': 'string'
},
],
clientRequestToken='string'
)
[REQUIRED]
The name of the custom metric. This will be used in the metric report submitted from the device/thing. Shouldn't begin with aws: . Cannot be updated once defined.
[REQUIRED]
The type of the custom metric. Types include string-list , ip-address-list , number-list , and number .
Metadata that can be used to manage the custom metric.
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
[REQUIRED]
Each custom metric must have a unique client request token. If you try to create a new custom metric that already exists with a different token, an exception occurs. If you omit this value, AWS SDKs will automatically generate a unique client request.
This field is autopopulated if not provided.
dict
Response Syntax
{
'metricName': 'string',
'metricArn': 'string'
}
Response Structure
(dict) --
metricName (string) --
The name of the custom metric to be used in the metric report.
metricArn (string) --
The Amazon Resource Number (ARN) of the custom metric, e.g. ``arn:aws-partition :iot:region :accountId :custommetric/metricName ``
Exceptions
Create a dimension that you can use to limit the scope of a metric used in a security profile for AWS IoT Device Defender. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric only to MQTT topics whose name match the pattern specified in the dimension.
See also: AWS API Documentation
Request Syntax
response = client.create_dimension(
name='string',
type='TOPIC_FILTER',
stringValues=[
'string',
],
tags=[
{
'Key': 'string',
'Value': 'string'
},
],
clientRequestToken='string'
)
[REQUIRED]
A unique identifier for the dimension. Choose something that describes the type and value to make it easy to remember what it does.
[REQUIRED]
Specifies the type of dimension. Supported types: TOPIC_FILTER.
[REQUIRED]
Specifies the value or list of values for the dimension. For TOPIC_FILTER dimensions, this is a pattern used to match the MQTT topic (for example, "admin/#").
Metadata that can be used to manage the dimension.
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
[REQUIRED]
Each dimension must have a unique client request token. If you try to create a new dimension with the same token as a dimension that already exists, an exception occurs. If you omit this value, AWS SDKs will automatically generate a unique client request.
This field is autopopulated if not provided.
dict
Response Syntax
{
'name': 'string',
'arn': 'string'
}
Response Structure
(dict) --
name (string) --
A unique identifier for the dimension.
arn (string) --
The Amazon Resource Name (ARN) of the created dimension.
Exceptions
Creates a domain configuration.
See also: AWS API Documentation
Request Syntax
response = client.create_domain_configuration(
domainConfigurationName='string',
domainName='string',
serverCertificateArns=[
'string',
],
validationCertificateArn='string',
authorizerConfig={
'defaultAuthorizerName': 'string',
'allowAuthorizerOverride': True|False
},
serviceType='DATA'|'CREDENTIAL_PROVIDER'|'JOBS',
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The name of the domain configuration. This value must be unique to a region.
The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS-managed domains.
An object that specifies the authorization service for a domain.
The name of the authorization service for a domain configuration.
A Boolean that specifies whether the domain configuration's authorization service can be overridden.
The type of service delivered by the endpoint.
Note
AWS IoT Core currently supports only the DATA service type.
Metadata which can be used to manage the domain configuration.
Note
For URI Request parameters use format: ...key1=value1&key2=value2...
For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."
For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{
'domainConfigurationName': 'string',
'domainConfigurationArn': 'string'
}
Response Structure
(dict) --
domainConfigurationName (string) --
The name of the domain configuration.
domainConfigurationArn (string) --
The ARN of the domain configuration.
Exceptions
Creates a dynamic thing group.
See also: AWS API Documentation
Request Syntax
response = client.create_dynamic_thing_group(
thingGroupName='string',
thingGroupProperties={
'thingGroupDescription': 'string',
'attributePayload': {
'attributes': {
'string': 'string'
},
'merge': True|False
}
},
indexName='string',
queryString='string',
queryVersion='string',
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The dynamic thing group name to create.
The dynamic thing group properties.
The thing group description.
The thing group attributes in JSON format.
A JSON string containing up to three key-value pair in JSON format. For example:
{\"attributes\":{\"string1\":\"string2\"}}
Specifies whether the list of attributes provided in the AttributePayload is merged with the attributes stored in the registry, instead of overwriting them.
To remove an attribute, call UpdateThing with an empty attribute value.
Note
The merge attribute is only valid when calling UpdateThing or UpdateThingGroup .
The dynamic thing group index name.
Note
Currently one index is supported: "AWS_Things".
[REQUIRED]
The dynamic thing group search query string.
See Query Syntax for information about query string syntax.
The dynamic thing group query version.
Note
Currently one query version is supported: "2017-09-30". If not specified, the query version defaults to this value.
Metadata which can be used to manage the dynamic thing group.
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{
'thingGroupName': 'string',
'thingGroupArn': 'string',
'thingGroupId': 'string',
'indexName': 'string',
'queryString': 'string',
'queryVersion': 'string'
}
Response Structure
(dict) --
thingGroupName (string) --
The dynamic thing group name.
thingGroupArn (string) --
The dynamic thing group ARN.
thingGroupId (string) --
The dynamic thing group ID.
indexName (string) --
The dynamic thing group index name.
queryString (string) --
The dynamic thing group search query string.
queryVersion (string) --
The dynamic thing group query version.
Exceptions
Creates a job.
See also: AWS API Documentation
Request Syntax
response = client.create_job(
jobId='string',
targets=[
'string',
],
documentSource='string',
document='string',
description='string',
presignedUrlConfig={
'roleArn': 'string',
'expiresInSec': 123
},
targetSelection='CONTINUOUS'|'SNAPSHOT',
jobExecutionsRolloutConfig={
'maximumPerMinute': 123,
'exponentialRate': {
'baseRatePerMinute': 123,
'incrementFactor': 123.0,
'rateIncreaseCriteria': {
'numberOfNotifiedThings': 123,
'numberOfSucceededThings': 123
}
}
},
abortConfig={
'criteriaList': [
{
'failureType': 'FAILED'|'REJECTED'|'TIMED_OUT'|'ALL',
'action': 'CANCEL',
'thresholdPercentage': 123.0,
'minNumberOfExecutedThings': 123
},
]
},
timeoutConfig={
'inProgressTimeoutInMinutes': 123
},
tags=[
{
'Key': 'string',
'Value': 'string'
},
],
namespaceId='string',
jobTemplateArn='string'
)
[REQUIRED]
A job identifier which must be unique for your AWS account. We recommend using a UUID. Alpha-numeric characters, "-" and "_" are valid for use here.
[REQUIRED]
A list of things and thing groups to which the job should be sent.
An S3 link to the job document. Required if you don't specify a value for document .
Note
If the job document resides in an S3 bucket, you must use a placeholder link when specifying the document.
The placeholder link is of the following form:
${aws:iot:s3-presigned-url:https://s3.amazonaws.com/*bucket* /*key* }
where bucket is your bucket name and key is the object in the bucket to which you are linking.
Configuration information for pre-signed S3 URLs.
The ARN of an IAM role that grants grants permission to download files from the S3 bucket where the job data/updates are stored. The role must also grant permission for IoT to download the files.
How long (in seconds) pre-signed URLs are valid. Valid values are 60 - 3600, the default value is 3600 seconds. Pre-signed URLs are generated when Jobs receives an MQTT request for the job document.
Allows you to create a staged rollout of the job.
The maximum number of things that will be notified of a pending job, per minute. This parameter allows you to create a staged rollout.
The rate of increase for a job rollout. This parameter allows you to define an exponential rate for a job rollout.
The minimum number of things that will be notified of a pending job, per minute at the start of job rollout. This parameter allows you to define the initial rate of rollout.
The exponential factor to increase the rate of rollout for a job.
AWS IoT supports up to one digit after the decimal (for example, 1.5, but not 1.55).
The criteria to initiate the increase in rate of rollout for a job.
The threshold for number of notified things that will initiate the increase in rate of rollout.
The threshold for number of succeeded things that will initiate the increase in rate of rollout.
Allows you to create criteria to abort a job.
The list of criteria that determine when and how to abort the job.
The criteria that determine when and how a job abort takes place.
The type of job execution failures that can initiate a job abort.
The type of job action to take to initiate the job abort.
The minimum percentage of job execution failures that must occur to initiate the job abort.
AWS IoT supports up to two digits after the decimal (for example, 10.9 and 10.99, but not 10.999).
The minimum number of things which must receive job execution notifications before the job can be aborted.
Specifies the amount of time each device has to finish its execution of the job. The timer is started when the job execution status is set to IN_PROGRESS . If the job execution status is not set to another terminal state before the time expires, it will be automatically set to TIMED_OUT .
Specifies the amount of time, in minutes, this device has to finish execution of this job. The timeout interval can be anywhere between 1 minute and 7 days (1 to 10080 minutes). The in progress timer can't be updated and will apply to all job executions for the job. Whenever a job execution remains in the IN_PROGRESS status for longer than this interval, the job execution will fail and switch to the terminal TIMED_OUT status.
Metadata which can be used to manage the job.
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
The namespace used to indicate that a job is a customer-managed job.
When you specify a value for this parameter, AWS IoT Core sends jobs notifications to MQTT topics that contain the value in the following format.
$aws/things/*THING_NAME* /jobs/*JOB_ID* /notify-namespace-*NAMESPACE_ID* /
Note
The namespaceId feature is in public preview.
dict
Response Syntax
{
'jobArn': 'string',
'jobId': 'string',
'description': 'string'
}
Response Structure
(dict) --
jobArn (string) --
The job ARN.
jobId (string) --
The unique identifier you assigned to this job.
description (string) --
The job description.
Exceptions
Creates a job template.
See also: AWS API Documentation
Request Syntax
response = client.create_job_template(
jobTemplateId='string',
jobArn='string',
documentSource='string',
document='string',
description='string',
presignedUrlConfig={
'roleArn': 'string',
'expiresInSec': 123
},
jobExecutionsRolloutConfig={
'maximumPerMinute': 123,
'exponentialRate': {
'baseRatePerMinute': 123,
'incrementFactor': 123.0,
'rateIncreaseCriteria': {
'numberOfNotifiedThings': 123,
'numberOfSucceededThings': 123
}
}
},
abortConfig={
'criteriaList': [
{
'failureType': 'FAILED'|'REJECTED'|'TIMED_OUT'|'ALL',
'action': 'CANCEL',
'thresholdPercentage': 123.0,
'minNumberOfExecutedThings': 123
},
]
},
timeoutConfig={
'inProgressTimeoutInMinutes': 123
},
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
A unique identifier for the job template. We recommend using a UUID. Alpha-numeric characters, "-", and "_" are valid for use here.
An S3 link to the job document to use in the template. Required if you don't specify a value for document .
Note
If the job document resides in an S3 bucket, you must use a placeholder link when specifying the document.
The placeholder link is of the following form:
${aws:iot:s3-presigned-url:https://s3.amazonaws.com/*bucket* /*key* }
where bucket is your bucket name and key is the object in the bucket to which you are linking.
[REQUIRED]
A description of the job document.
Configuration for pre-signed S3 URLs.
The ARN of an IAM role that grants grants permission to download files from the S3 bucket where the job data/updates are stored. The role must also grant permission for IoT to download the files.
How long (in seconds) pre-signed URLs are valid. Valid values are 60 - 3600, the default value is 3600 seconds. Pre-signed URLs are generated when Jobs receives an MQTT request for the job document.
Allows you to create a staged rollout of a job.
The maximum number of things that will be notified of a pending job, per minute. This parameter allows you to create a staged rollout.
The rate of increase for a job rollout. This parameter allows you to define an exponential rate for a job rollout.
The minimum number of things that will be notified of a pending job, per minute at the start of job rollout. This parameter allows you to define the initial rate of rollout.
The exponential factor to increase the rate of rollout for a job.
AWS IoT supports up to one digit after the decimal (for example, 1.5, but not 1.55).
The criteria to initiate the increase in rate of rollout for a job.
The threshold for number of notified things that will initiate the increase in rate of rollout.
The threshold for number of succeeded things that will initiate the increase in rate of rollout.
The criteria that determine when and how a job abort takes place.
The list of criteria that determine when and how to abort the job.
The criteria that determine when and how a job abort takes place.
The type of job execution failures that can initiate a job abort.
The type of job action to take to initiate the job abort.
The minimum percentage of job execution failures that must occur to initiate the job abort.
AWS IoT supports up to two digits after the decimal (for example, 10.9 and 10.99, but not 10.999).
The minimum number of things which must receive job execution notifications before the job can be aborted.
Specifies the amount of time each device has to finish its execution of the job. A timer is started when the job execution status is set to IN_PROGRESS . If the job execution status is not set to another terminal state before the timer expires, it will be automatically set to TIMED_OUT .
Specifies the amount of time, in minutes, this device has to finish execution of this job. The timeout interval can be anywhere between 1 minute and 7 days (1 to 10080 minutes). The in progress timer can't be updated and will apply to all job executions for the job. Whenever a job execution remains in the IN_PROGRESS status for longer than this interval, the job execution will fail and switch to the terminal TIMED_OUT status.
Metadata that can be used to manage the job template.
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{
'jobTemplateArn': 'string',
'jobTemplateId': 'string'
}
Response Structure
(dict) --
jobTemplateArn (string) --
The ARN of the job template.
jobTemplateId (string) --
The unique identifier of the job template.
Exceptions
Creates a 2048-bit RSA key pair and issues an X.509 certificate using the issued public key. You can also call CreateKeysAndCertificate over MQTT from a device, for more information, see Provisioning MQTT API .
Note This is the only time AWS IoT issues the private key for this certificate, so it is important to keep it in a secure location.
See also: AWS API Documentation
Request Syntax
response = client.create_keys_and_certificate(
setAsActive=True|False
)
{
'certificateArn': 'string',
'certificateId': 'string',
'certificatePem': 'string',
'keyPair': {
'PublicKey': 'string',
'PrivateKey': 'string'
}
}
Response Structure
The output of the CreateKeysAndCertificate operation.
The ARN of the certificate.
The ID of the certificate. AWS IoT issues a default subject name for the certificate (for example, AWS IoT Certificate).
The certificate data, in PEM format.
The generated key pair.
The public key.
The private key.
Exceptions
Defines an action that can be applied to audit findings by using StartAuditMitigationActionsTask. Only certain types of mitigation actions can be applied to specific check names. For more information, see Mitigation actions . Each mitigation action can apply only one type of change.
See also: AWS API Documentation
Request Syntax
response = client.create_mitigation_action(
actionName='string',
roleArn='string',
actionParams={
'updateDeviceCertificateParams': {
'action': 'DEACTIVATE'
},
'updateCACertificateParams': {
'action': 'DEACTIVATE'
},
'addThingsToThingGroupParams': {
'thingGroupNames': [
'string',
],
'overrideDynamicGroups': True|False
},
'replaceDefaultPolicyVersionParams': {
'templateName': 'BLANK_POLICY'
},
'enableIoTLoggingParams': {
'roleArnForLogging': 'string',
'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
},
'publishFindingToSnsParams': {
'topicArn': 'string'
}
},
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
A friendly name for the action. Choose a friendly name that accurately describes the action (for example, EnableLoggingAction ).
[REQUIRED]
The ARN of the IAM role that is used to apply the mitigation action.
[REQUIRED]
Defines the type of action and the parameters for that action.
Parameters to define a mitigation action that changes the state of the device certificate to inactive.
The action that you want to apply to the device certificate. The only supported value is DEACTIVATE .
Parameters to define a mitigation action that changes the state of the CA certificate to inactive.
The action that you want to apply to the CA certificate. The only supported value is DEACTIVATE .
Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.
The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you can't add a thing to more than one group in the same hierarchy.
Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.
Parameters to define a mitigation action that adds a blank policy to restrict permissions.
The name of the template to be applied. The only supported value is BLANK_POLICY .
Parameters to define a mitigation action that enables AWS IoT logging at a specified level of detail.
The Amazon Resource Name (ARN) of the IAM role used for logging.
Specifies the type of information to be logged.
Parameters to define a mitigation action that publishes findings to Amazon Simple Notification Service (Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.
The ARN of the topic to which you want to publish the findings.
Metadata that can be used to manage the mitigation action.
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{
'actionArn': 'string',
'actionId': 'string'
}
Response Structure
(dict) --
actionArn (string) --
The ARN for the new mitigation action.
actionId (string) --
A unique identifier for the new mitigation action.
Exceptions
Creates an AWS IoT OTAUpdate on a target group of things or groups.
See also: AWS API Documentation
Request Syntax
response = client.create_ota_update(
otaUpdateId='string',
description='string',
targets=[
'string',
],
protocols=[
'MQTT'|'HTTP',
],
targetSelection='CONTINUOUS'|'SNAPSHOT',
awsJobExecutionsRolloutConfig={
'maximumPerMinute': 123,
'exponentialRate': {
'baseRatePerMinute': 123,
'incrementFactor': 123.0,
'rateIncreaseCriteria': {
'numberOfNotifiedThings': 123,
'numberOfSucceededThings': 123
}
}
},
awsJobPresignedUrlConfig={
'expiresInSec': 123
},
awsJobAbortConfig={
'abortCriteriaList': [
{
'failureType': 'FAILED'|'REJECTED'|'TIMED_OUT'|'ALL',
'action': 'CANCEL',
'thresholdPercentage': 123.0,
'minNumberOfExecutedThings': 123
},
]
},
awsJobTimeoutConfig={
'inProgressTimeoutInMinutes': 123
},
files=[
{
'fileName': 'string',
'fileType': 123,
'fileVersion': 'string',
'fileLocation': {
'stream': {
'streamId': 'string',
'fileId': 123
},
's3Location': {
'bucket': 'string',
'key': 'string',
'version': 'string'
}
},
'codeSigning': {
'awsSignerJobId': 'string',
'startSigningJobParameter': {
'signingProfileParameter': {
'certificateArn': 'string',
'platform': 'string',
'certificatePathOnDevice': 'string'
},
'signingProfileName': 'string',
'destination': {
's3Destination': {
'bucket': 'string',
'prefix': 'string'
}
}
},
'customCodeSigning': {
'signature': {
'inlineDocument': b'bytes'
},
'certificateChain': {
'certificateName': 'string',
'inlineDocument': 'string'
},
'hashAlgorithm': 'string',
'signatureAlgorithm': 'string'
}
},
'attributes': {
'string': 'string'
}
},
],
roleArn='string',
additionalParameters={
'string': 'string'
},
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The ID of the OTA update to be created.
[REQUIRED]
The devices targeted to receive OTA updates.
The protocol used to transfer the OTA update image. Valid values are [HTTP], [MQTT], [HTTP, MQTT]. When both HTTP and MQTT are specified, the target device can choose the protocol.
Configuration for the rollout of OTA updates.
The maximum number of OTA update job executions started per minute.
The rate of increase for a job rollout. This parameter allows you to define an exponential rate increase for a job rollout.
The minimum number of things that will be notified of a pending job, per minute, at the start of the job rollout. This is the initial rate of the rollout.
The rate of increase for a job rollout. The number of things notified is multiplied by this factor.
The criteria to initiate the increase in rate of rollout for a job.
AWS IoT supports up to one digit after the decimal (for example, 1.5, but not 1.55).
When this number of things have been notified, it will initiate an increase in the rollout rate.
When this number of things have succeeded in their job execution, it will initiate an increase in the rollout rate.
Configuration information for pre-signed URLs.
How long (in seconds) pre-signed URLs are valid. Valid values are 60 - 3600, the default value is 1800 seconds. Pre-signed URLs are generated when a request for the job document is received.
The criteria that determine when and how a job abort takes place.
The list of criteria that determine when and how to abort the job.
The criteria that determine when and how a job abort takes place.
The type of job execution failures that can initiate a job abort.
The type of job action to take to initiate the job abort.
The minimum percentage of job execution failures that must occur to initiate the job abort.
AWS IoT supports up to two digits after the decimal (for example, 10.9 and 10.99, but not 10.999).
The minimum number of things which must receive job execution notifications before the job can be aborted.
Specifies the amount of time each device has to finish its execution of the job. A timer is started when the job execution status is set to IN_PROGRESS . If the job execution status is not set to another terminal state before the timer expires, it will be automatically set to TIMED_OUT .
Specifies the amount of time, in minutes, this device has to finish execution of this job. The timeout interval can be anywhere between 1 minute and 7 days (1 to 10080 minutes). The in progress timer can't be updated and will apply to all job executions for the job. Whenever a job execution remains in the IN_PROGRESS status for longer than this interval, the job execution will fail and switch to the terminal TIMED_OUT status.
[REQUIRED]
The files to be streamed by the OTA update.
Describes a file to be associated with an OTA update.
The name of the file.
An integer value you can include in the job document to allow your devices to identify the type of file received from the cloud.
The file version.
The location of the updated firmware.
The stream that contains the OTA update.
The stream ID.
The ID of a file associated with a stream.
The location of the updated firmware in S3.
The S3 bucket.
The S3 key.
The S3 bucket version.
The code signing method of the file.
The ID of the AWSSignerJob which was created to sign the file.
Describes the code-signing job.
Describes the code-signing profile.
Certificate ARN.
The hardware platform of your device.
The location of the code-signing certificate on your device.
The code-signing profile name.
The location to write the code-signed file.
Describes the location in S3 of the updated firmware.
The S3 bucket that contains the updated firmware.
The S3 prefix.
A custom method for code signing a file.
The signature for the file.
A base64 encoded binary representation of the code signing signature.
The certificate chain.
The name of the certificate.
A base64 encoded binary representation of the code signing certificate chain.
The hash algorithm used to code sign the file.
The signature algorithm used to code sign the file.
A list of name/attribute pairs.
[REQUIRED]
The IAM role that grants AWS IoT access to the Amazon S3, AWS IoT jobs and AWS Code Signing resources to create an OTA update job.
A list of additional OTA update parameters which are name-value pairs.
Metadata which can be used to manage updates.
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{
'otaUpdateId': 'string',
'awsIotJobId': 'string',
'otaUpdateArn': 'string',
'awsIotJobArn': 'string',
'otaUpdateStatus': 'CREATE_PENDING'|'CREATE_IN_PROGRESS'|'CREATE_COMPLETE'|'CREATE_FAILED'
}
Response Structure
(dict) --
otaUpdateId (string) --
The OTA update ID.
awsIotJobId (string) --
The AWS IoT job ID associated with the OTA update.
otaUpdateArn (string) --
The OTA update ARN.
awsIotJobArn (string) --
The AWS IoT job ARN associated with the OTA update.
otaUpdateStatus (string) --
The OTA update status.
Exceptions
Creates an AWS IoT policy.
The created policy is the default version for the policy. This operation creates a policy version with a version identifier of 1 and sets 1 as the policy's default version.
See also: AWS API Documentation
Request Syntax
response = client.create_policy(
policyName='string',
policyDocument='string',
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The policy name.
[REQUIRED]
The JSON document that describes the policy. policyDocument must have a minimum length of 1, with a maximum length of 2048, excluding whitespace.
Metadata which can be used to manage the policy.
Note
For URI Request parameters use format: ...key1=value1&key2=value2...
For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."
For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{
'policyName': 'string',
'policyArn': 'string',
'policyDocument': 'string',
'policyVersionId': 'string'
}
Response Structure
(dict) --
The output from the CreatePolicy operation.
policyName (string) --
The policy name.
policyArn (string) --
The policy ARN.
policyDocument (string) --
The JSON document that describes the policy.
policyVersionId (string) --
The policy version ID.
Exceptions
Creates a new version of the specified AWS IoT policy. To update a policy, create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must use DeletePolicyVersion to delete an existing version before you create a new one.
Optionally, you can set the new version as the policy's default version. The default version is the operative version (that is, the version that is in effect for the certificates to which the policy is attached).
See also: AWS API Documentation
Request Syntax
response = client.create_policy_version(
policyName='string',
policyDocument='string',
setAsDefault=True|False
)
[REQUIRED]
The policy name.
[REQUIRED]
The JSON document that describes the policy. Minimum length of 1. Maximum length of 2048, excluding whitespace.
dict
Response Syntax
{
'policyArn': 'string',
'policyDocument': 'string',
'policyVersionId': 'string',
'isDefaultVersion': True|False
}
Response Structure
(dict) --
The output of the CreatePolicyVersion operation.
policyArn (string) --
The policy ARN.
policyDocument (string) --
The JSON document that describes the policy.
policyVersionId (string) --
The policy version ID.
isDefaultVersion (boolean) --
Specifies whether the policy version is the default.
Exceptions
Creates a provisioning claim.
See also: AWS API Documentation
Request Syntax
response = client.create_provisioning_claim(
templateName='string'
)
[REQUIRED]
The name of the provisioning template to use.
{
'certificateId': 'string',
'certificatePem': 'string',
'keyPair': {
'PublicKey': 'string',
'PrivateKey': 'string'
},
'expiration': datetime(2015, 1, 1)
}
Response Structure
The ID of the certificate.
The provisioning claim certificate.
The provisioning claim key pair.
The public key.
The private key.
The provisioning claim expiration time.
Exceptions
Creates a fleet provisioning template.
See also: AWS API Documentation
Request Syntax
response = client.create_provisioning_template(
templateName='string',
description='string',
templateBody='string',
enabled=True|False,
provisioningRoleArn='string',
preProvisioningHook={
'payloadVersion': 'string',
'targetArn': 'string'
},
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The name of the fleet provisioning template.
[REQUIRED]
The JSON formatted contents of the fleet provisioning template.
[REQUIRED]
The role ARN for the role associated with the fleet provisioning template. This IoT role grants permission to provision a device.
Creates a pre-provisioning hook template.
The payload that was sent to the target function.
Note: Only Lambda functions are currently supported.
The ARN of the target function.
Note: Only Lambda functions are currently supported.
Metadata which can be used to manage the fleet provisioning template.
Note
For URI Request parameters use format: ...key1=value1&key2=value2...
For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."
For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{
'templateArn': 'string',
'templateName': 'string',
'defaultVersionId': 123
}
Response Structure
(dict) --
templateArn (string) --
The ARN that identifies the provisioning template.
templateName (string) --
The name of the fleet provisioning template.
defaultVersionId (integer) --
The default version of the fleet provisioning template.
Exceptions
Creates a new version of a fleet provisioning template.
See also: AWS API Documentation
Request Syntax
response = client.create_provisioning_template_version(
templateName='string',
templateBody='string',
setAsDefault=True|False
)
[REQUIRED]
The name of the fleet provisioning template.
[REQUIRED]
The JSON formatted contents of the fleet provisioning template.
dict
Response Syntax
{
'templateArn': 'string',
'templateName': 'string',
'versionId': 123,
'isDefaultVersion': True|False
}
Response Structure
(dict) --
templateArn (string) --
The ARN that identifies the provisioning template.
templateName (string) --
The name of the fleet provisioning template.
versionId (integer) --
The version of the fleet provisioning template.
isDefaultVersion (boolean) --
True if the fleet provisioning template version is the default version, otherwise false.
Exceptions
Creates a role alias.
See also: AWS API Documentation
Request Syntax
response = client.create_role_alias(
roleAlias='string',
roleArn='string',
credentialDurationSeconds=123,
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The role alias that points to a role ARN. This allows you to change the role without having to update the device.
[REQUIRED]
The role ARN.
Metadata which can be used to manage the role alias.
Note
For URI Request parameters use format: ...key1=value1&key2=value2...
For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."
For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{
'roleAlias': 'string',
'roleAliasArn': 'string'
}
Response Structure
(dict) --
roleAlias (string) --
The role alias.
roleAliasArn (string) --
The role alias ARN.
Exceptions
Creates a scheduled audit that is run at a specified time interval.
See also: AWS API Documentation
Request Syntax
response = client.create_scheduled_audit(
frequency='DAILY'|'WEEKLY'|'BIWEEKLY'|'MONTHLY',
dayOfMonth='string',
dayOfWeek='SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT',
targetCheckNames=[
'string',
],
scheduledAuditName='string',
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
How often the scheduled audit takes place, either DAILY , WEEKLY , BIWEEKLY or MONTHLY . The start time of each audit is determined by the system.
[REQUIRED]
Which checks are performed during the scheduled audit. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
[REQUIRED]
The name you want to give to the scheduled audit. (Max. 128 chars)
Metadata that can be used to manage the scheduled audit.
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{
'scheduledAuditArn': 'string'
}
Response Structure
(dict) --
scheduledAuditArn (string) --
The ARN of the scheduled audit.
Exceptions
Creates a Device Defender security profile.
See also: AWS API Documentation
Request Syntax
response = client.create_security_profile(
securityProfileName='string',
securityProfileDescription='string',
behaviors=[
{
'name': 'string',
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
},
'criteria': {
'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set'|'in-set'|'not-in-set',
'value': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'durationSeconds': 123,
'consecutiveDatapointsToAlarm': 123,
'consecutiveDatapointsToClear': 123,
'statisticalThreshold': {
'statistic': 'string'
},
'mlDetectionConfig': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
}
},
'suppressAlerts': True|False
},
],
alertTargets={
'string': {
'alertTargetArn': 'string',
'roleArn': 'string'
}
},
additionalMetricsToRetain=[
'string',
],
additionalMetricsToRetainV2=[
{
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
}
},
],
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The name you are giving to the security profile.
Specifies the behaviors that, when violated by a device (thing), cause an alert.
A Device Defender security profile behavior.
The name you've given to the behavior.
What is measured by the behavior.
The dimension for a metric in your behavior. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. This can't be used with custom metrics.
A unique identifier for the dimension.
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
The criteria that determine if a device is behaving normally in regard to the metric .
The operator that relates the thing measured (metric ) to the criteria (containing a value or statisticalThreshold ). Valid operators include:
The value to be compared with the metric .
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
The numeral value of a metric.
The numeral values of a metric.
The string values of a metric.
Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, NUM_MESSAGES_SENT ). For a statisticalThreshhold metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes.
If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.
If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.
A statistical ranking (percentile)that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior.
The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period (durationSeconds ) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below (comparisonOperator ) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs.
The configuration of an ML Detect
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
Suppresses alerts.
Specifies the destinations to which alerts are sent. (Alerts are always sent to the console.) Alerts are generated when a device (thing) violates a behavior.
The type of alert target: one of "SNS".
A structure containing the alert target ARN and the role ARN.
The Amazon Resource Name (ARN) of the notification target to which alerts are sent.
The ARN of the role that grants permission to send alerts to the notification target.
Please use CreateSecurityProfileRequest$additionalMetricsToRetainV2 instead.
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors , but it is also retained for any metric specified here. Can be used with custom metrics; cannot be used with dimensions.
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors , but it is also retained for any metric specified here. Can be used with custom metrics; cannot be used with dimensions.
The metric you want to retain. Dimensions are optional.
What is measured by the behavior.
The dimension of a metric. This can't be used with custom metrics.
A unique identifier for the dimension.
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
Metadata that can be used to manage the security profile.
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{
'securityProfileName': 'string',
'securityProfileArn': 'string'
}
Response Structure
(dict) --
securityProfileName (string) --
The name you gave to the security profile.
securityProfileArn (string) --
The ARN of the security profile.
Exceptions
Creates a stream for delivering one or more large files in chunks over MQTT. A stream transports data bytes in chunks or blocks packaged as MQTT messages from a source like S3. You can have one or more files associated with a stream.
See also: AWS API Documentation
Request Syntax
response = client.create_stream(
streamId='string',
description='string',
files=[
{
'fileId': 123,
's3Location': {
'bucket': 'string',
'key': 'string',
'version': 'string'
}
},
],
roleArn='string',
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The stream ID.
[REQUIRED]
The files to stream.
Represents a file to stream.
The file ID.
The location of the file in S3.
The S3 bucket.
The S3 key.
The S3 bucket version.
[REQUIRED]
An IAM role that allows the IoT service principal assumes to access your S3 files.
Metadata which can be used to manage streams.
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{
'streamId': 'string',
'streamArn': 'string',
'description': 'string',
'streamVersion': 123
}
Response Structure
(dict) --
streamId (string) --
The stream ID.
streamArn (string) --
The stream ARN.
description (string) --
A description of the stream.
streamVersion (integer) --
The version of the stream.
Exceptions
Creates a thing record in the registry. If this call is made multiple times using the same thing name and configuration, the call will succeed. If this call is made with the same thing name but different configuration a ResourceAlreadyExistsException is thrown.
Note
This is a control plane operation. See Authorization for information about authorizing control plane actions.
See also: AWS API Documentation
Request Syntax
response = client.create_thing(
thingName='string',
thingTypeName='string',
attributePayload={
'attributes': {
'string': 'string'
},
'merge': True|False
},
billingGroupName='string'
)
[REQUIRED]
The name of the thing to create.
You can't change a thing's name after you create it. To change a thing's name, you must create a new thing, give it the new name, and then delete the old thing.
The attribute payload, which consists of up to three name/value pairs in a JSON document. For example:
{\"attributes\":{\"string1\":\"string2\"}}
A JSON string containing up to three key-value pair in JSON format. For example:
{\"attributes\":{\"string1\":\"string2\"}}
Specifies whether the list of attributes provided in the AttributePayload is merged with the attributes stored in the registry, instead of overwriting them.
To remove an attribute, call UpdateThing with an empty attribute value.
Note
The merge attribute is only valid when calling UpdateThing or UpdateThingGroup .
dict
Response Syntax
{
'thingName': 'string',
'thingArn': 'string',
'thingId': 'string'
}
Response Structure
(dict) --
The output of the CreateThing operation.
thingName (string) --
The name of the new thing.
thingArn (string) --
The ARN of the new thing.
thingId (string) --
The thing ID.
Exceptions
Create a thing group.
Note
This is a control plane operation. See Authorization for information about authorizing control plane actions.
See also: AWS API Documentation
Request Syntax
response = client.create_thing_group(
thingGroupName='string',
parentGroupName='string',
thingGroupProperties={
'thingGroupDescription': 'string',
'attributePayload': {
'attributes': {
'string': 'string'
},
'merge': True|False
}
},
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The thing group name to create.
The thing group properties.
The thing group description.
The thing group attributes in JSON format.
A JSON string containing up to three key-value pair in JSON format. For example:
{\"attributes\":{\"string1\":\"string2\"}}
Specifies whether the list of attributes provided in the AttributePayload is merged with the attributes stored in the registry, instead of overwriting them.
To remove an attribute, call UpdateThing with an empty attribute value.
Note
The merge attribute is only valid when calling UpdateThing or UpdateThingGroup .
Metadata which can be used to manage the thing group.
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{
'thingGroupName': 'string',
'thingGroupArn': 'string',
'thingGroupId': 'string'
}
Response Structure
(dict) --
thingGroupName (string) --
The thing group name.
thingGroupArn (string) --
The thing group ARN.
thingGroupId (string) --
The thing group ID.
Exceptions
Creates a new thing type.
See also: AWS API Documentation
Request Syntax
response = client.create_thing_type(
thingTypeName='string',
thingTypeProperties={
'thingTypeDescription': 'string',
'searchableAttributes': [
'string',
]
},
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The name of the thing type.
The ThingTypeProperties for the thing type to create. It contains information about the new thing type including a description, and a list of searchable thing attribute names.
The description of the thing type.
A list of searchable thing attribute names.
Metadata which can be used to manage the thing type.
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{
'thingTypeName': 'string',
'thingTypeArn': 'string',
'thingTypeId': 'string'
}
Response Structure
(dict) --
The output of the CreateThingType operation.
thingTypeName (string) --
The name of the thing type.
thingTypeArn (string) --
The Amazon Resource Name (ARN) of the thing type.
thingTypeId (string) --
The thing type ID.
Exceptions
Creates a rule. Creating rules is an administrator-level action. Any user who has permission to create rules will be able to access data processed by the rule.
See also: AWS API Documentation
Request Syntax
response = client.create_topic_rule(
ruleName='string',
topicRulePayload={
'sql': 'string',
'description': 'string',
'actions': [
{
'dynamoDB': {
'tableName': 'string',
'roleArn': 'string',
'operation': 'string',
'hashKeyField': 'string',
'hashKeyValue': 'string',
'hashKeyType': 'STRING'|'NUMBER',
'rangeKeyField': 'string',
'rangeKeyValue': 'string',
'rangeKeyType': 'STRING'|'NUMBER',
'payloadField': 'string'
},
'dynamoDBv2': {
'roleArn': 'string',
'putItem': {
'tableName': 'string'
}
},
'lambda': {
'functionArn': 'string'
},
'sns': {
'targetArn': 'string',
'roleArn': 'string',
'messageFormat': 'RAW'|'JSON'
},
'sqs': {
'roleArn': 'string',
'queueUrl': 'string',
'useBase64': True|False
},
'kinesis': {
'roleArn': 'string',
'streamName': 'string',
'partitionKey': 'string'
},
'republish': {
'roleArn': 'string',
'topic': 'string',
'qos': 123
},
's3': {
'roleArn': 'string',
'bucketName': 'string',
'key': 'string',
'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
},
'firehose': {
'roleArn': 'string',
'deliveryStreamName': 'string',
'separator': 'string',
'batchMode': True|False
},
'cloudwatchMetric': {
'roleArn': 'string',
'metricNamespace': 'string',
'metricName': 'string',
'metricValue': 'string',
'metricUnit': 'string',
'metricTimestamp': 'string'
},
'cloudwatchAlarm': {
'roleArn': 'string',
'alarmName': 'string',
'stateReason': 'string',
'stateValue': 'string'
},
'cloudwatchLogs': {
'roleArn': 'string',
'logGroupName': 'string'
},
'elasticsearch': {
'roleArn': 'string',
'endpoint': 'string',
'index': 'string',
'type': 'string',
'id': 'string'
},
'salesforce': {
'token': 'string',
'url': 'string'
},
'iotAnalytics': {
'channelArn': 'string',
'channelName': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotEvents': {
'inputName': 'string',
'messageId': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotSiteWise': {
'putAssetPropertyValueEntries': [
{
'entryId': 'string',
'assetId': 'string',
'propertyId': 'string',
'propertyAlias': 'string',
'propertyValues': [
{
'value': {
'stringValue': 'string',
'integerValue': 'string',
'doubleValue': 'string',
'booleanValue': 'string'
},
'timestamp': {
'timeInSeconds': 'string',
'offsetInNanos': 'string'
},
'quality': 'string'
},
]
},
],
'roleArn': 'string'
},
'stepFunctions': {
'executionNamePrefix': 'string',
'stateMachineName': 'string',
'roleArn': 'string'
},
'timestream': {
'roleArn': 'string',
'databaseName': 'string',
'tableName': 'string',
'dimensions': [
{
'name': 'string',
'value': 'string'
},
],
'timestamp': {
'value': 'string',
'unit': 'string'
}
},
'http': {
'url': 'string',
'confirmationUrl': 'string',
'headers': [
{
'key': 'string',
'value': 'string'
},
],
'auth': {
'sigv4': {
'signingRegion': 'string',
'serviceName': 'string',
'roleArn': 'string'
}
}
},
'kafka': {
'destinationArn': 'string',
'topic': 'string',
'key': 'string',
'partition': 'string',
'clientProperties': {
'string': 'string'
}
}
},
],
'ruleDisabled': True|False,
'awsIotSqlVersion': 'string',
'errorAction': {
'dynamoDB': {
'tableName': 'string',
'roleArn': 'string',
'operation': 'string',
'hashKeyField': 'string',
'hashKeyValue': 'string',
'hashKeyType': 'STRING'|'NUMBER',
'rangeKeyField': 'string',
'rangeKeyValue': 'string',
'rangeKeyType': 'STRING'|'NUMBER',
'payloadField': 'string'
},
'dynamoDBv2': {
'roleArn': 'string',
'putItem': {
'tableName': 'string'
}
},
'lambda': {
'functionArn': 'string'
},
'sns': {
'targetArn': 'string',
'roleArn': 'string',
'messageFormat': 'RAW'|'JSON'
},
'sqs': {
'roleArn': 'string',
'queueUrl': 'string',
'useBase64': True|False
},
'kinesis': {
'roleArn': 'string',
'streamName': 'string',
'partitionKey': 'string'
},
'republish': {
'roleArn': 'string',
'topic': 'string',
'qos': 123
},
's3': {
'roleArn': 'string',
'bucketName': 'string',
'key': 'string',
'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
},
'firehose': {
'roleArn': 'string',
'deliveryStreamName': 'string',
'separator': 'string',
'batchMode': True|False
},
'cloudwatchMetric': {
'roleArn': 'string',
'metricNamespace': 'string',
'metricName': 'string',
'metricValue': 'string',
'metricUnit': 'string',
'metricTimestamp': 'string'
},
'cloudwatchAlarm': {
'roleArn': 'string',
'alarmName': 'string',
'stateReason': 'string',
'stateValue': 'string'
},
'cloudwatchLogs': {
'roleArn': 'string',
'logGroupName': 'string'
},
'elasticsearch': {
'roleArn': 'string',
'endpoint': 'string',
'index': 'string',
'type': 'string',
'id': 'string'
},
'salesforce': {
'token': 'string',
'url': 'string'
},
'iotAnalytics': {
'channelArn': 'string',
'channelName': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotEvents': {
'inputName': 'string',
'messageId': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotSiteWise': {
'putAssetPropertyValueEntries': [
{
'entryId': 'string',
'assetId': 'string',
'propertyId': 'string',
'propertyAlias': 'string',
'propertyValues': [
{
'value': {
'stringValue': 'string',
'integerValue': 'string',
'doubleValue': 'string',
'booleanValue': 'string'
},
'timestamp': {
'timeInSeconds': 'string',
'offsetInNanos': 'string'
},
'quality': 'string'
},
]
},
],
'roleArn': 'string'
},
'stepFunctions': {
'executionNamePrefix': 'string',
'stateMachineName': 'string',
'roleArn': 'string'
},
'timestream': {
'roleArn': 'string',
'databaseName': 'string',
'tableName': 'string',
'dimensions': [
{
'name': 'string',
'value': 'string'
},
],
'timestamp': {
'value': 'string',
'unit': 'string'
}
},
'http': {
'url': 'string',
'confirmationUrl': 'string',
'headers': [
{
'key': 'string',
'value': 'string'
},
],
'auth': {
'sigv4': {
'signingRegion': 'string',
'serviceName': 'string',
'roleArn': 'string'
}
}
},
'kafka': {
'destinationArn': 'string',
'topic': 'string',
'key': 'string',
'partition': 'string',
'clientProperties': {
'string': 'string'
}
}
}
},
tags='string'
)
[REQUIRED]
The name of the rule.
[REQUIRED]
The rule payload.
The SQL statement used to query the topic. For more information, see AWS IoT SQL Reference in the AWS IoT Developer Guide .
The description of the rule.
The actions associated with the rule.
Describes the actions associated with a rule.
Write to a DynamoDB table.
The name of the DynamoDB table.
The ARN of the IAM role that grants access to the DynamoDB table.
The type of operation to be performed. This follows the substitution template, so it can be ${operation} , but the substitution must result in one of the following: INSERT , UPDATE , or DELETE .
The hash key name.
The hash key value.
The hash key type. Valid values are "STRING" or "NUMBER"
The range key name.
The range key value.
The range key type. Valid values are "STRING" or "NUMBER"
The action payload. This name can be customized.
Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.
The ARN of the IAM role that grants access to the DynamoDB table.
Specifies the DynamoDB table to which the message data will be written. For example:
{ "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role" "putItem": { "tableName": "my-table" } } }
Each attribute in the message payload will be written to a separate column in the DynamoDB database.
The table where the message data will be written.
Invoke a Lambda function.
The ARN of the Lambda function.
Publish to an Amazon SNS topic.
The ARN of the SNS topic.
The ARN of the IAM role that grants access.
(Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see https://docs.aws.amazon.com/sns/latest/dg/json-formats.html refer to their official documentation.
Publish to an Amazon SQS queue.
The ARN of the IAM role that grants access.
The URL of the Amazon SQS queue.
Specifies whether to use Base64 encoding.
Write data to an Amazon Kinesis stream.
The ARN of the IAM role that grants access to the Amazon Kinesis stream.
The name of the Amazon Kinesis stream.
The partition key.
Publish to another MQTT topic.
The ARN of the IAM role that grants access.
The name of the MQTT topic.
The Quality of Service (QoS) level to use when republishing messages. The default value is 0.
Write to an Amazon S3 bucket.
The ARN of the IAM role that grants access.
The Amazon S3 bucket.
The object key. For more information, see Actions, resources, and condition keys for Amazon S3 .
The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs .
Write to an Amazon Kinesis Firehose stream.
The IAM role that grants access to the Amazon Kinesis Firehose stream.
The delivery stream name.
A character separator that will be used to separate records written to the Firehose stream. Valid values are: 'n' (newline), 't' (tab), 'rn' (Windows newline), ',' (comma).
Whether to deliver the Kinesis Data Firehose stream as a batch by using ` PutRecordBatch https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html`__ . The default value is false .
When batchMode is true and the rule's SQL statement evaluates to an Array, each Array element forms one record in the ` PutRecordBatch https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html`__ request. The resulting array can't have more than 500 records.
Capture a CloudWatch metric.
The IAM role that allows access to the CloudWatch metric.
The CloudWatch metric namespace name.
The CloudWatch metric name.
The CloudWatch metric value.
The metric unit supported by CloudWatch.
An optional Unix timestamp .
Change the state of a CloudWatch alarm.
The IAM role that allows access to the CloudWatch alarm.
The CloudWatch alarm name.
The reason for the alarm change.
The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.
Send data to CloudWatch Logs.
The IAM role that allows access to the CloudWatch log.
The CloudWatch log group to which the action sends data.
Write data to an Amazon Elasticsearch Service domain.
The IAM role ARN that has access to Elasticsearch.
The endpoint of your Elasticsearch domain.
The Elasticsearch index where you want to store your data.
The type of document you are storing.
The unique identifier for the document you are storing.
Send a message to a Salesforce IoT Cloud Input Stream.
The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
Sends message data to an AWS IoT Analytics channel.
(deprecated) The ARN of the IoT Analytics channel to which message data will be sent.
The name of the IoT Analytics channel to which message data will be sent.
Whether to process the action as a batch. The default value is false .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is delivered as a separate message when passed by ` BatchPutMessage https://docs.aws.amazon.com/iotanalytics/latest/APIReference/API_BatchPutMessage.html`__ to the AWS IoT Analytics channel. The resulting array can't have more than 100 messages.
The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).
Sends an input to an AWS IoT Events detector.
The name of the AWS IoT Events input.
The ID of the message. The default messageId is a new UUID value.
When batchMode is true , you can't specify a messageId --a new UUID value will be assigned.
Assign a value to this property to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.
Whether to process the event actions as a batch. The default value is false .
When batchMode is true , you can't specify a messageId .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is treated as a separate message when it's sent to AWS IoT Events by calling ` BatchPutMessage https://docs.aws.amazon.com/iotevents/latest/apireference/API_iotevents-data_BatchPutMessage.html`__ . The resulting array can't have more than 10 messages.
The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector. ("Action":"iotevents:BatchPutMessage").
Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.
A list of asset property value entries.
An asset property value entry containing the following information.
Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.
The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
The ID of the asset's property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
A list of property values to insert that each contain timestamp, quality, and value (TQV) information.
An asset property value entry containing the following information.
The value of the asset property.
Optional. The string value of the value entry. Accepts substitution templates.
Optional. A string that contains the integer value of the value entry. Accepts substitution templates.
Optional. A string that contains the double value of the value entry. Accepts substitution templates.
Optional. A string that contains the boolean value (true or false ) of the value entry. Accepts substitution templates.
The asset property value timestamp.
A string that contains the time in seconds since epoch. Accepts substitution templates.
Optional. A string that contains the nanosecond time offset. Accepts substitution templates.
Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD , BAD , or UNCERTAIN .
The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoTSiteWise. ("Action": "iotsitewise:BatchPutAssetPropertyValue" ). The trust policy can restrict access to specific asset hierarchy paths.
Starts execution of a Step Functions state machine.
(Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.
The name of the Step Functions state machine whose execution will be started.
The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").
The Timestream rule action writes attributes (measures) from an MQTT message into an Amazon Timestream table. For more information, see the Timestream topic rule action documentation.
The ARN of the role that grants permission to write to the Amazon Timestream database table.
The name of an Amazon Timestream database.
The name of the database table into which to write the measure records.
Metadata attributes of the time series that are written in each measure record.
Metadata attributes of the time series that are written in each measure record.
The metadata dimension name. This is the name of the column in the Amazon Timestream database table record.
Dimensions cannot be named: measure_name , measure_value , or time . These names are reserved. Dimension names cannot start with ts_ or measure_value and they cannot contain the colon (: ) character.
The value to write in this column of the database record.
Specifies an application-defined value to replace the default value assigned to the Timestream record's timestamp in the time column.
You can use this property to specify the value and the precision of the Timestream record's timestamp. You can specify a value from the message payload or a value computed by a substitution template.
If omitted, the topic rule action assigns the timestamp, in milliseconds, at the time it processed the rule.
An expression that returns a long epoch time value.
The precision of the timestamp value that results from the expression described in value .
Valid values: SECONDS | MILLISECONDS | MICROSECONDS | NANOSECONDS . The default is MILLISECONDS .
Send data to an HTTPS endpoint.
The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl . If this is a new destination, a new TopicRuleDestination is created if possible.
The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.
The HTTP headers to send with the message data.
The HTTP action header.
The HTTP header key.
The HTTP header value. Substitution templates are supported.
The authentication method to use when sending data to an HTTPS endpoint.
Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process .
The signing region.
The service name to use while signing with Sig V4.
The ARN of the signing role.
Send messages to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) or self-managed Apache Kafka cluster.
The ARN of Kafka action's VPC TopicRuleDestination .
The Kafka topic for messages to be sent to the Kafka broker.
The Kafka message key.
The Kafka message partition.
Properties of the Apache Kafka producer client.
Specifies whether the rule is disabled.
The version of the SQL rules engine to use when evaluating the rule.
The action to take when an error occurs.
Write to a DynamoDB table.
The name of the DynamoDB table.
The ARN of the IAM role that grants access to the DynamoDB table.
The type of operation to be performed. This follows the substitution template, so it can be ${operation} , but the substitution must result in one of the following: INSERT , UPDATE , or DELETE .
The hash key name.
The hash key value.
The hash key type. Valid values are "STRING" or "NUMBER"
The range key name.
The range key value.
The range key type. Valid values are "STRING" or "NUMBER"
The action payload. This name can be customized.
Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.
The ARN of the IAM role that grants access to the DynamoDB table.
Specifies the DynamoDB table to which the message data will be written. For example:
{ "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role" "putItem": { "tableName": "my-table" } } }
Each attribute in the message payload will be written to a separate column in the DynamoDB database.
The table where the message data will be written.
Invoke a Lambda function.
The ARN of the Lambda function.
Publish to an Amazon SNS topic.
The ARN of the SNS topic.
The ARN of the IAM role that grants access.
(Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see https://docs.aws.amazon.com/sns/latest/dg/json-formats.html refer to their official documentation.
Publish to an Amazon SQS queue.
The ARN of the IAM role that grants access.
The URL of the Amazon SQS queue.
Specifies whether to use Base64 encoding.
Write data to an Amazon Kinesis stream.
The ARN of the IAM role that grants access to the Amazon Kinesis stream.
The name of the Amazon Kinesis stream.
The partition key.
Publish to another MQTT topic.
The ARN of the IAM role that grants access.
The name of the MQTT topic.
The Quality of Service (QoS) level to use when republishing messages. The default value is 0.
Write to an Amazon S3 bucket.
The ARN of the IAM role that grants access.
The Amazon S3 bucket.
The object key. For more information, see Actions, resources, and condition keys for Amazon S3 .
The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs .
Write to an Amazon Kinesis Firehose stream.
The IAM role that grants access to the Amazon Kinesis Firehose stream.
The delivery stream name.
A character separator that will be used to separate records written to the Firehose stream. Valid values are: 'n' (newline), 't' (tab), 'rn' (Windows newline), ',' (comma).
Whether to deliver the Kinesis Data Firehose stream as a batch by using ` PutRecordBatch https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html`__ . The default value is false .
When batchMode is true and the rule's SQL statement evaluates to an Array, each Array element forms one record in the ` PutRecordBatch https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html`__ request. The resulting array can't have more than 500 records.
Capture a CloudWatch metric.
The IAM role that allows access to the CloudWatch metric.
The CloudWatch metric namespace name.
The CloudWatch metric name.
The CloudWatch metric value.
The metric unit supported by CloudWatch.
An optional Unix timestamp .
Change the state of a CloudWatch alarm.
The IAM role that allows access to the CloudWatch alarm.
The CloudWatch alarm name.
The reason for the alarm change.
The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.
Send data to CloudWatch Logs.
The IAM role that allows access to the CloudWatch log.
The CloudWatch log group to which the action sends data.
Write data to an Amazon Elasticsearch Service domain.
The IAM role ARN that has access to Elasticsearch.
The endpoint of your Elasticsearch domain.
The Elasticsearch index where you want to store your data.
The type of document you are storing.
The unique identifier for the document you are storing.
Send a message to a Salesforce IoT Cloud Input Stream.
The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
Sends message data to an AWS IoT Analytics channel.
(deprecated) The ARN of the IoT Analytics channel to which message data will be sent.
The name of the IoT Analytics channel to which message data will be sent.
Whether to process the action as a batch. The default value is false .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is delivered as a separate message when passed by ` BatchPutMessage https://docs.aws.amazon.com/iotanalytics/latest/APIReference/API_BatchPutMessage.html`__ to the AWS IoT Analytics channel. The resulting array can't have more than 100 messages.
The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).
Sends an input to an AWS IoT Events detector.
The name of the AWS IoT Events input.
The ID of the message. The default messageId is a new UUID value.
When batchMode is true , you can't specify a messageId --a new UUID value will be assigned.
Assign a value to this property to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.
Whether to process the event actions as a batch. The default value is false .
When batchMode is true , you can't specify a messageId .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is treated as a separate message when it's sent to AWS IoT Events by calling ` BatchPutMessage https://docs.aws.amazon.com/iotevents/latest/apireference/API_iotevents-data_BatchPutMessage.html`__ . The resulting array can't have more than 10 messages.
The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector. ("Action":"iotevents:BatchPutMessage").
Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.
A list of asset property value entries.
An asset property value entry containing the following information.
Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.
The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
The ID of the asset's property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
A list of property values to insert that each contain timestamp, quality, and value (TQV) information.
An asset property value entry containing the following information.
The value of the asset property.
Optional. The string value of the value entry. Accepts substitution templates.
Optional. A string that contains the integer value of the value entry. Accepts substitution templates.
Optional. A string that contains the double value of the value entry. Accepts substitution templates.
Optional. A string that contains the boolean value (true or false ) of the value entry. Accepts substitution templates.
The asset property value timestamp.
A string that contains the time in seconds since epoch. Accepts substitution templates.
Optional. A string that contains the nanosecond time offset. Accepts substitution templates.
Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD , BAD , or UNCERTAIN .
The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoTSiteWise. ("Action": "iotsitewise:BatchPutAssetPropertyValue" ). The trust policy can restrict access to specific asset hierarchy paths.
Starts execution of a Step Functions state machine.
(Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.
The name of the Step Functions state machine whose execution will be started.
The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").
The Timestream rule action writes attributes (measures) from an MQTT message into an Amazon Timestream table. For more information, see the Timestream topic rule action documentation.
The ARN of the role that grants permission to write to the Amazon Timestream database table.
The name of an Amazon Timestream database.
The name of the database table into which to write the measure records.
Metadata attributes of the time series that are written in each measure record.
Metadata attributes of the time series that are written in each measure record.
The metadata dimension name. This is the name of the column in the Amazon Timestream database table record.
Dimensions cannot be named: measure_name , measure_value , or time . These names are reserved. Dimension names cannot start with ts_ or measure_value and they cannot contain the colon (: ) character.
The value to write in this column of the database record.
Specifies an application-defined value to replace the default value assigned to the Timestream record's timestamp in the time column.
You can use this property to specify the value and the precision of the Timestream record's timestamp. You can specify a value from the message payload or a value computed by a substitution template.
If omitted, the topic rule action assigns the timestamp, in milliseconds, at the time it processed the rule.
An expression that returns a long epoch time value.
The precision of the timestamp value that results from the expression described in value .
Valid values: SECONDS | MILLISECONDS | MICROSECONDS | NANOSECONDS . The default is MILLISECONDS .
Send data to an HTTPS endpoint.
The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl . If this is a new destination, a new TopicRuleDestination is created if possible.
The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.
The HTTP headers to send with the message data.
The HTTP action header.
The HTTP header key.
The HTTP header value. Substitution templates are supported.
The authentication method to use when sending data to an HTTPS endpoint.
Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process .
The signing region.
The service name to use while signing with Sig V4.
The ARN of the signing role.
Send messages to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) or self-managed Apache Kafka cluster.
The ARN of Kafka action's VPC TopicRuleDestination .
The Kafka topic for messages to be sent to the Kafka broker.
The Kafka message key.
The Kafka message partition.
Properties of the Apache Kafka producer client.
Metadata which can be used to manage the topic rule.
Note
For URI Request parameters use format: ...key1=value1&key2=value2...
For the CLI command-line parameter use format: --tags "key1=value1&key2=value2..."
For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."
None
Exceptions
Creates a topic rule destination. The destination must be confirmed prior to use.
See also: AWS API Documentation
Request Syntax
response = client.create_topic_rule_destination(
destinationConfiguration={
'httpUrlConfiguration': {
'confirmationUrl': 'string'
},
'vpcConfiguration': {
'subnetIds': [
'string',
],
'securityGroups': [
'string',
],
'vpcId': 'string',
'roleArn': 'string'
}
}
)
[REQUIRED]
The topic rule destination configuration.
Configuration of the HTTP URL.
The URL AWS IoT uses to confirm ownership of or access to the topic rule destination URL.
Configuration of the virtual private cloud (VPC) connection.
The subnet IDs of the VPC destination.
The security groups of the VPC destination.
The ID of the VPC.
The ARN of a role that has permission to create and attach to elastic network interfaces (ENIs).
{
'topicRuleDestination': {
'arn': 'string',
'status': 'ENABLED'|'IN_PROGRESS'|'DISABLED'|'ERROR'|'DELETING',
'createdAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1),
'statusReason': 'string',
'httpUrlProperties': {
'confirmationUrl': 'string'
},
'vpcProperties': {
'subnetIds': [
'string',
],
'securityGroups': [
'string',
],
'vpcId': 'string',
'roleArn': 'string'
}
}
}
Response Structure
The topic rule destination.
The topic rule destination URL.
The status of the topic rule destination. Valid values are:
IN_PROGRESS
A topic rule destination was created but has not been confirmed. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
ENABLED
Confirmation was completed, and traffic to this destination is allowed. You can set status to DISABLED by calling UpdateTopicRuleDestination .
DISABLED
Confirmation was completed, and traffic to this destination is not allowed. You can set status to ENABLED by calling UpdateTopicRuleDestination .
ERROR
Confirmation could not be completed, for example if the confirmation timed out. You can call GetTopicRuleDestination for details about the error. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
The date and time when the topic rule destination was created.
The date and time when the topic rule destination was last updated.
Additional details or reason why the topic rule destination is in the current status.
Properties of the HTTP URL.
The URL used to confirm the HTTP topic rule destination URL.
Properties of the virtual private cloud (VPC) connection.
The subnet IDs of the VPC destination.
The security groups of the VPC destination.
The ID of the VPC.
The ARN of a role that has permission to create and attach to elastic network interfaces (ENIs).
Exceptions
Restores the default settings for Device Defender audits for this account. Any configuration data you entered is deleted and all audit checks are reset to disabled.
See also: AWS API Documentation
Request Syntax
response = client.delete_account_audit_configuration(
deleteScheduledAudits=True|False
)
{}
Response Structure
Exceptions
Deletes a Device Defender audit suppression.
See also: AWS API Documentation
Request Syntax
response = client.delete_audit_suppression(
checkName='string',
resourceIdentifier={
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string'
}
)
[REQUIRED]
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
[REQUIRED]
Information that identifies the noncompliant resource.
The ID of the certificate attached to the resource.
The ID of the CA certificate used to authorize the certificate.
The ID of the Amazon Cognito identity pool.
The client ID.
The version of the policy associated with the resource.
The name of the policy.
The ID of the version of the policy associated with the resource.
The account with which the resource is associated.
The ARN of the IAM role that has overly permissive actions.
The ARN of the role alias that has overly permissive actions.
dict
Response Syntax
{}
Response Structure
Exceptions
Deletes an authorizer.
See also: AWS API Documentation
Request Syntax
response = client.delete_authorizer(
authorizerName='string'
)
[REQUIRED]
The name of the authorizer to delete.
{}
Response Structure
Exceptions
Deletes the billing group.
See also: AWS API Documentation
Request Syntax
response = client.delete_billing_group(
billingGroupName='string',
expectedVersion=123
)
[REQUIRED]
The name of the billing group.
dict
Response Syntax
{}
Response Structure
Exceptions
Deletes a registered CA certificate.
See also: AWS API Documentation
Request Syntax
response = client.delete_ca_certificate(
certificateId='string'
)
[REQUIRED]
The ID of the certificate to delete. (The last part of the certificate ARN contains the certificate ID.)
{}
Response Structure
The output for the DeleteCACertificate operation.
Exceptions
Deletes the specified certificate.
A certificate cannot be deleted if it has a policy or IoT thing attached to it or if its status is set to ACTIVE. To delete a certificate, first use the DetachPrincipalPolicy API to detach all policies. Next, use the UpdateCertificate API to set the certificate to the INACTIVE status.
See also: AWS API Documentation
Request Syntax
response = client.delete_certificate(
certificateId='string',
forceDelete=True|False
)
[REQUIRED]
The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)
None
Exceptions
Note
Before you can delete a custom metric, you must first remove the custom metric from all security profiles it's a part of. The security profile associated with the custom metric can be found using the ListSecurityProfiles API with metricName set to your custom metric name.
Deletes a Device Defender detect custom metric.
See also: AWS API Documentation
Request Syntax
response = client.delete_custom_metric(
metricName='string'
)
[REQUIRED]
The name of the custom metric.
{}
Response Structure
Exceptions
Removes the specified dimension from your AWS account.
See also: AWS API Documentation
Request Syntax
response = client.delete_dimension(
name='string'
)
[REQUIRED]
The unique identifier for the dimension that you want to delete.
{}
Response Structure
Exceptions
Deletes the specified domain configuration.
See also: AWS API Documentation
Request Syntax
response = client.delete_domain_configuration(
domainConfigurationName='string'
)
[REQUIRED]
The name of the domain configuration to be deleted.
{}
Response Structure
Exceptions
Deletes a dynamic thing group.
See also: AWS API Documentation
Request Syntax
response = client.delete_dynamic_thing_group(
thingGroupName='string',
expectedVersion=123
)
[REQUIRED]
The name of the dynamic thing group to delete.
dict
Response Syntax
{}
Response Structure
Exceptions
Deletes a job and its related job executions.
Deleting a job may take time, depending on the number of job executions created for the job and various other factors. While the job is being deleted, the status of the job will be shown as "DELETION_IN_PROGRESS". Attempting to delete or cancel a job whose status is already "DELETION_IN_PROGRESS" will result in an error.
Only 10 jobs may have status "DELETION_IN_PROGRESS" at the same time, or a LimitExceededException will occur.
See also: AWS API Documentation
Request Syntax
response = client.delete_job(
jobId='string',
force=True|False,
namespaceId='string'
)
[REQUIRED]
The ID of the job to be deleted.
After a job deletion is completed, you may reuse this jobId when you create a new job. However, this is not recommended, and you must ensure that your devices are not using the jobId to refer to the deleted job.
(Optional) When true, you can delete a job which is "IN_PROGRESS". Otherwise, you can only delete a job which is in a terminal state ("COMPLETED" or "CANCELED") or an exception will occur. The default is false.
Note
Deleting a job which is "IN_PROGRESS", will cause a device which is executing the job to be unable to access job information or update the job execution status. Use caution and ensure that each device executing a job which is deleted is able to recover to a valid state.
The namespace used to indicate that a job is a customer-managed job.
When you specify a value for this parameter, AWS IoT Core sends jobs notifications to MQTT topics that contain the value in the following format.
$aws/things/*THING_NAME* /jobs/*JOB_ID* /notify-namespace-*NAMESPACE_ID* /
Note
The namespaceId feature is in public preview.
None
Exceptions
Deletes a job execution.
See also: AWS API Documentation
Request Syntax
response = client.delete_job_execution(
jobId='string',
thingName='string',
executionNumber=123,
force=True|False,
namespaceId='string'
)
[REQUIRED]
The ID of the job whose execution on a particular device will be deleted.
[REQUIRED]
The name of the thing whose job execution will be deleted.
[REQUIRED]
The ID of the job execution to be deleted. The executionNumber refers to the execution of a particular job on a particular device.
Note that once a job execution is deleted, the executionNumber may be reused by IoT, so be sure you get and use the correct value here.
(Optional) When true, you can delete a job execution which is "IN_PROGRESS". Otherwise, you can only delete a job execution which is in a terminal state ("SUCCEEDED", "FAILED", "REJECTED", "REMOVED" or "CANCELED") or an exception will occur. The default is false.
Note
Deleting a job execution which is "IN_PROGRESS", will cause the device to be unable to access job information or update the job execution status. Use caution and ensure that the device is able to recover to a valid state.
The namespace used to indicate that a job is a customer-managed job.
When you specify a value for this parameter, AWS IoT Core sends jobs notifications to MQTT topics that contain the value in the following format.
$aws/things/*THING_NAME* /jobs/*JOB_ID* /notify-namespace-*NAMESPACE_ID* /
Note
The namespaceId feature is in public preview.
None
Exceptions
Deletes the specified job template.
See also: AWS API Documentation
Request Syntax
response = client.delete_job_template(
jobTemplateId='string'
)
[REQUIRED]
The unique identifier of the job template to delete.
Exceptions
Deletes a defined mitigation action from your AWS account.
See also: AWS API Documentation
Request Syntax
response = client.delete_mitigation_action(
actionName='string'
)
[REQUIRED]
The name of the mitigation action that you want to delete.
{}
Response Structure
Exceptions
Delete an OTA update.
See also: AWS API Documentation
Request Syntax
response = client.delete_ota_update(
otaUpdateId='string',
deleteStream=True|False,
forceDeleteAWSJob=True|False
)
[REQUIRED]
The ID of the OTA update to delete.
dict
Response Syntax
{}
Response Structure
Exceptions
Deletes the specified policy.
A policy cannot be deleted if it has non-default versions or it is attached to any certificate.
To delete a policy, use the DeletePolicyVersion API to delete all non-default versions of the policy; use the DetachPrincipalPolicy API to detach the policy from any certificate; and then use the DeletePolicy API to delete the policy.
When a policy is deleted using DeletePolicy, its default version is deleted with it.
See also: AWS API Documentation
Request Syntax
response = client.delete_policy(
policyName='string'
)
[REQUIRED]
The name of the policy to delete.
Exceptions
Deletes the specified version of the specified policy. You cannot delete the default version of a policy using this API. To delete the default version of a policy, use DeletePolicy . To find out which version of a policy is marked as the default version, use ListPolicyVersions.
See also: AWS API Documentation
Request Syntax
response = client.delete_policy_version(
policyName='string',
policyVersionId='string'
)
[REQUIRED]
The name of the policy.
[REQUIRED]
The policy version ID.
None
Exceptions
Deletes a fleet provisioning template.
See also: AWS API Documentation
Request Syntax
response = client.delete_provisioning_template(
templateName='string'
)
[REQUIRED]
The name of the fleet provision template to delete.
{}
Response Structure
Exceptions
Deletes a fleet provisioning template version.
See also: AWS API Documentation
Request Syntax
response = client.delete_provisioning_template_version(
templateName='string',
versionId=123
)
[REQUIRED]
The name of the fleet provisioning template version to delete.
[REQUIRED]
The fleet provisioning template version ID to delete.
dict
Response Syntax
{}
Response Structure
Exceptions
Deletes a CA certificate registration code.
See also: AWS API Documentation
Request Syntax
response = client.delete_registration_code()
{}
Response Structure
The output for the DeleteRegistrationCode operation.
Exceptions
Deletes a role alias
See also: AWS API Documentation
Request Syntax
response = client.delete_role_alias(
roleAlias='string'
)
[REQUIRED]
The role alias to delete.
{}
Response Structure
Exceptions
Deletes a scheduled audit.
See also: AWS API Documentation
Request Syntax
response = client.delete_scheduled_audit(
scheduledAuditName='string'
)
[REQUIRED]
The name of the scheduled audit you want to delete.
{}
Response Structure
Exceptions
Deletes a Device Defender security profile.
See also: AWS API Documentation
Request Syntax
response = client.delete_security_profile(
securityProfileName='string',
expectedVersion=123
)
[REQUIRED]
The name of the security profile to be deleted.
dict
Response Syntax
{}
Response Structure
Exceptions
Deletes a stream.
See also: AWS API Documentation
Request Syntax
response = client.delete_stream(
streamId='string'
)
[REQUIRED]
The stream ID.
{}
Response Structure
Exceptions
Deletes the specified thing. Returns successfully with no error if the deletion is successful or you specify a thing that doesn't exist.
See also: AWS API Documentation
Request Syntax
response = client.delete_thing(
thingName='string',
expectedVersion=123
)
[REQUIRED]
The name of the thing to delete.
dict
Response Syntax
{}
Response Structure
(dict) --
The output of the DeleteThing operation.
Exceptions
Deletes a thing group.
See also: AWS API Documentation
Request Syntax
response = client.delete_thing_group(
thingGroupName='string',
expectedVersion=123
)
[REQUIRED]
The name of the thing group to delete.
dict
Response Syntax
{}
Response Structure
Exceptions
Deletes the specified thing type. You cannot delete a thing type if it has things associated with it. To delete a thing type, first mark it as deprecated by calling DeprecateThingType , then remove any associated things by calling UpdateThing to change the thing type on any associated thing, and finally use DeleteThingType to delete the thing type.
See also: AWS API Documentation
Request Syntax
response = client.delete_thing_type(
thingTypeName='string'
)
[REQUIRED]
The name of the thing type.
{}
Response Structure
The output for the DeleteThingType operation.
Exceptions
Deletes the rule.
See also: AWS API Documentation
Request Syntax
response = client.delete_topic_rule(
ruleName='string'
)
[REQUIRED]
The name of the rule.
Exceptions
Deletes a topic rule destination.
See also: AWS API Documentation
Request Syntax
response = client.delete_topic_rule_destination(
arn='string'
)
[REQUIRED]
The ARN of the topic rule destination to delete.
{}
Response Structure
Exceptions
Deletes a logging level.
See also: AWS API Documentation
Request Syntax
response = client.delete_v2_logging_level(
targetType='DEFAULT'|'THING_GROUP',
targetName='string'
)
[REQUIRED]
The type of resource for which you are configuring logging. Must be THING_Group .
[REQUIRED]
The name of the resource for which you are configuring logging.
None
Exceptions
Deprecates a thing type. You can not associate new things with deprecated thing type.
See also: AWS API Documentation
Request Syntax
response = client.deprecate_thing_type(
thingTypeName='string',
undoDeprecate=True|False
)
[REQUIRED]
The name of the thing type to deprecate.
dict
Response Syntax
{}
Response Structure
(dict) --
The output for the DeprecateThingType operation.
Exceptions
Gets information about the Device Defender audit settings for this account. Settings include how audit notifications are sent and which audit checks are enabled or disabled.
See also: AWS API Documentation
Request Syntax
response = client.describe_account_audit_configuration()
{
'roleArn': 'string',
'auditNotificationTargetConfigurations': {
'string': {
'targetArn': 'string',
'roleArn': 'string',
'enabled': True|False
}
},
'auditCheckConfigurations': {
'string': {
'enabled': True|False
}
}
}
Response Structure
The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit.
On the first call to UpdateAccountAuditConfiguration , this parameter is required.
Information about the targets to which audit notifications are sent for this account.
Information about the targets to which audit notifications are sent.
The ARN of the target (SNS topic) to which audit notifications are sent.
The ARN of the role that grants permission to send notifications to the target.
True if notifications to the target are enabled.
Which audit checks are enabled and disabled for this account.
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
Which audit checks are enabled and disabled for this account.
True if this audit check is enabled for this account.
Exceptions
Gets information about a single audit finding. Properties include the reason for noncompliance, the severity of the issue, and the start time when the audit that returned the finding.
See also: AWS API Documentation
Request Syntax
response = client.describe_audit_finding(
findingId='string'
)
[REQUIRED]
A unique identifier for a single audit finding. You can use this identifier to apply mitigation actions to the finding.
{
'finding': {
'findingId': 'string',
'taskId': 'string',
'checkName': 'string',
'taskStartTime': datetime(2015, 1, 1),
'findingTime': datetime(2015, 1, 1),
'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW',
'nonCompliantResource': {
'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE',
'resourceIdentifier': {
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string'
},
'additionalInfo': {
'string': 'string'
}
},
'relatedResources': [
{
'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE',
'resourceIdentifier': {
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string'
},
'additionalInfo': {
'string': 'string'
}
},
],
'reasonForNonCompliance': 'string',
'reasonForNonComplianceCode': 'string',
'isSuppressed': True|False
}
}
Response Structure
The findings (results) of the audit.
A unique identifier for this set of audit findings. This identifier is used to apply mitigation tasks to one or more sets of findings.
The ID of the audit that generated this result (finding).
The audit check that generated this result.
The time the audit started.
The time the result (finding) was discovered.
The severity of the result (finding).
The resource that was found to be noncompliant with the audit check.
The type of the noncompliant resource.
Information that identifies the noncompliant resource.
The ID of the certificate attached to the resource.
The ID of the CA certificate used to authorize the certificate.
The ID of the Amazon Cognito identity pool.
The client ID.
The version of the policy associated with the resource.
The name of the policy.
The ID of the version of the policy associated with the resource.
The account with which the resource is associated.
The ARN of the IAM role that has overly permissive actions.
The ARN of the role alias that has overly permissive actions.
Other information about the noncompliant resource.
The list of related resources.
Information about a related resource.
The type of resource.
Information that identifies the resource.
The ID of the certificate attached to the resource.
The ID of the CA certificate used to authorize the certificate.
The ID of the Amazon Cognito identity pool.
The client ID.
The version of the policy associated with the resource.
The name of the policy.
The ID of the version of the policy associated with the resource.
The account with which the resource is associated.
The ARN of the IAM role that has overly permissive actions.
The ARN of the role alias that has overly permissive actions.
Other information about the resource.
The reason the resource was noncompliant.
A code that indicates the reason that the resource was noncompliant.
Indicates whether the audit finding was suppressed or not during reporting.
Exceptions
Gets information about an audit mitigation task that is used to apply mitigation actions to a set of audit findings. Properties include the actions being applied, the audit checks to which they're being applied, the task status, and aggregated task statistics.
See also: AWS API Documentation
Request Syntax
response = client.describe_audit_mitigation_actions_task(
taskId='string'
)
[REQUIRED]
The unique identifier for the audit mitigation task.
{
'taskStatus': 'IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED',
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'taskStatistics': {
'string': {
'totalFindingsCount': 123,
'failedFindingsCount': 123,
'succeededFindingsCount': 123,
'skippedFindingsCount': 123,
'canceledFindingsCount': 123
}
},
'target': {
'auditTaskId': 'string',
'findingIds': [
'string',
],
'auditCheckToReasonCodeFilter': {
'string': [
'string',
]
}
},
'auditCheckToActionsMapping': {
'string': [
'string',
]
},
'actionsDefinition': [
{
'name': 'string',
'id': 'string',
'roleArn': 'string',
'actionParams': {
'updateDeviceCertificateParams': {
'action': 'DEACTIVATE'
},
'updateCACertificateParams': {
'action': 'DEACTIVATE'
},
'addThingsToThingGroupParams': {
'thingGroupNames': [
'string',
],
'overrideDynamicGroups': True|False
},
'replaceDefaultPolicyVersionParams': {
'templateName': 'BLANK_POLICY'
},
'enableIoTLoggingParams': {
'roleArnForLogging': 'string',
'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
},
'publishFindingToSnsParams': {
'topicArn': 'string'
}
}
},
]
}
Response Structure
The current status of the task.
The date and time when the task was started.
The date and time when the task was completed or canceled.
Aggregate counts of the results when the mitigation tasks were applied to the findings for this audit mitigation actions task.
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
Provides summary counts of how many tasks for findings are in a particular state. This information is included in the response from DescribeAuditMitigationActionsTask.
The total number of findings to which a task is being applied.
The number of findings for which at least one of the actions failed when applied.
The number of findings for which all mitigation actions succeeded when applied.
The number of findings skipped because of filter conditions provided in the parameters to the command.
The number of findings to which the mitigation action task was canceled when applied.
Identifies the findings to which the mitigation actions are applied. This can be by audit checks, by audit task, or a set of findings.
If the task will apply a mitigation action to findings from a specific audit, this value uniquely identifies the audit.
If the task will apply a mitigation action to one or more listed findings, this value uniquely identifies those findings.
Specifies a filter in the form of an audit check and set of reason codes that identify the findings from the audit to which the audit mitigation actions task apply.
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
Specifies the mitigation actions that should be applied to specific audit checks.
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
Specifies the mitigation actions and their parameters that are applied as part of this task.
Describes which changes should be applied as part of a mitigation action.
A user-friendly name for the mitigation action.
A unique identifier for the mitigation action.
The IAM role ARN used to apply this mitigation action.
The set of parameters for this mitigation action. The parameters vary, depending on the kind of action you apply.
Parameters to define a mitigation action that changes the state of the device certificate to inactive.
The action that you want to apply to the device certificate. The only supported value is DEACTIVATE .
Parameters to define a mitigation action that changes the state of the CA certificate to inactive.
The action that you want to apply to the CA certificate. The only supported value is DEACTIVATE .
Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.
The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you can't add a thing to more than one group in the same hierarchy.
Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.
Parameters to define a mitigation action that adds a blank policy to restrict permissions.
The name of the template to be applied. The only supported value is BLANK_POLICY .
Parameters to define a mitigation action that enables AWS IoT logging at a specified level of detail.
The Amazon Resource Name (ARN) of the IAM role used for logging.
Specifies the type of information to be logged.
Parameters to define a mitigation action that publishes findings to Amazon Simple Notification Service (Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.
The ARN of the topic to which you want to publish the findings.
Exceptions
Gets information about a Device Defender audit suppression.
See also: AWS API Documentation
Request Syntax
response = client.describe_audit_suppression(
checkName='string',
resourceIdentifier={
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string'
}
)
[REQUIRED]
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
[REQUIRED]
Information that identifies the noncompliant resource.
The ID of the certificate attached to the resource.
The ID of the CA certificate used to authorize the certificate.
The ID of the Amazon Cognito identity pool.
The client ID.
The version of the policy associated with the resource.
The name of the policy.
The ID of the version of the policy associated with the resource.
The account with which the resource is associated.
The ARN of the IAM role that has overly permissive actions.
The ARN of the role alias that has overly permissive actions.
dict
Response Syntax
{
'checkName': 'string',
'resourceIdentifier': {
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string'
},
'expirationDate': datetime(2015, 1, 1),
'suppressIndefinitely': True|False,
'description': 'string'
}
Response Structure
(dict) --
checkName (string) --
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
resourceIdentifier (dict) --
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
expirationDate (datetime) --
The epoch timestamp in seconds at which this suppression expires.
suppressIndefinitely (boolean) --
Indicates whether a suppression should exist indefinitely or not.
description (string) --
The description of the audit suppression.
Exceptions
Gets information about a Device Defender audit.
See also: AWS API Documentation
Request Syntax
response = client.describe_audit_task(
taskId='string'
)
[REQUIRED]
The ID of the audit whose information you want to get.
{
'taskStatus': 'IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED',
'taskType': 'ON_DEMAND_AUDIT_TASK'|'SCHEDULED_AUDIT_TASK',
'taskStartTime': datetime(2015, 1, 1),
'taskStatistics': {
'totalChecks': 123,
'inProgressChecks': 123,
'waitingForDataCollectionChecks': 123,
'compliantChecks': 123,
'nonCompliantChecks': 123,
'failedChecks': 123,
'canceledChecks': 123
},
'scheduledAuditName': 'string',
'auditDetails': {
'string': {
'checkRunStatus': 'IN_PROGRESS'|'WAITING_FOR_DATA_COLLECTION'|'CANCELED'|'COMPLETED_COMPLIANT'|'COMPLETED_NON_COMPLIANT'|'FAILED',
'checkCompliant': True|False,
'totalResourcesCount': 123,
'nonCompliantResourcesCount': 123,
'suppressedNonCompliantResourcesCount': 123,
'errorCode': 'string',
'message': 'string'
}
}
}
Response Structure
The status of the audit: one of "IN_PROGRESS", "COMPLETED", "FAILED", or "CANCELED".
The type of audit: "ON_DEMAND_AUDIT_TASK" or "SCHEDULED_AUDIT_TASK".
The time the audit started.
Statistical information about the audit.
The number of checks in this audit.
The number of checks in progress.
The number of checks waiting for data collection.
The number of checks that found compliant resources.
The number of checks that found noncompliant resources.
The number of checks.
The number of checks that did not run because the audit was canceled.
The name of the scheduled audit (only if the audit was a scheduled audit).
Detailed information about each check performed during this audit.
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
Information about the audit check.
The completion status of this check. One of "IN_PROGRESS", "WAITING_FOR_DATA_COLLECTION", "CANCELED", "COMPLETED_COMPLIANT", "COMPLETED_NON_COMPLIANT", or "FAILED".
True if the check is complete and found all resources compliant.
The number of resources on which the check was performed.
The number of resources that were found noncompliant during the check.
Describes how many of the non-compliant resources created during the evaluation of an audit check were marked as suppressed.
The code of any error encountered when this check is performed during this audit. One of "INSUFFICIENT_PERMISSIONS" or "AUDIT_CHECK_DISABLED".
The message associated with any error encountered when this check is performed during this audit.
Exceptions
Describes an authorizer.
See also: AWS API Documentation
Request Syntax
response = client.describe_authorizer(
authorizerName='string'
)
[REQUIRED]
The name of the authorizer to describe.
{
'authorizerDescription': {
'authorizerName': 'string',
'authorizerArn': 'string',
'authorizerFunctionArn': 'string',
'tokenKeyName': 'string',
'tokenSigningPublicKeys': {
'string': 'string'
},
'status': 'ACTIVE'|'INACTIVE',
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1),
'signingDisabled': True|False
}
}
Response Structure
The authorizer description.
The authorizer name.
The authorizer ARN.
The authorizer's Lambda function ARN.
The key used to extract the token from the HTTP headers.
The public keys used to validate the token signature returned by your custom authentication service.
The status of the authorizer.
The UNIX timestamp of when the authorizer was created.
The UNIX timestamp of when the authorizer was last updated.
Specifies whether AWS IoT validates the token signature in an authorization request.
Exceptions
Returns information about a billing group.
See also: AWS API Documentation
Request Syntax
response = client.describe_billing_group(
billingGroupName='string'
)
[REQUIRED]
The name of the billing group.
{
'billingGroupName': 'string',
'billingGroupId': 'string',
'billingGroupArn': 'string',
'version': 123,
'billingGroupProperties': {
'billingGroupDescription': 'string'
},
'billingGroupMetadata': {
'creationDate': datetime(2015, 1, 1)
}
}
Response Structure
The name of the billing group.
The ID of the billing group.
The ARN of the billing group.
The version of the billing group.
The properties of the billing group.
The description of the billing group.
Additional information about the billing group.
The date the billing group was created.
Exceptions
Describes a registered CA certificate.
See also: AWS API Documentation
Request Syntax
response = client.describe_ca_certificate(
certificateId='string'
)
[REQUIRED]
The CA certificate identifier.
{
'certificateDescription': {
'certificateArn': 'string',
'certificateId': 'string',
'status': 'ACTIVE'|'INACTIVE',
'certificatePem': 'string',
'ownedBy': 'string',
'creationDate': datetime(2015, 1, 1),
'autoRegistrationStatus': 'ENABLE'|'DISABLE',
'lastModifiedDate': datetime(2015, 1, 1),
'customerVersion': 123,
'generationId': 'string',
'validity': {
'notBefore': datetime(2015, 1, 1),
'notAfter': datetime(2015, 1, 1)
}
},
'registrationConfig': {
'templateBody': 'string',
'roleArn': 'string'
}
}
Response Structure
The output from the DescribeCACertificate operation.
The CA certificate description.
The CA certificate ARN.
The CA certificate ID.
The status of a CA certificate.
The CA certificate data, in PEM format.
The owner of the CA certificate.
The date the CA certificate was created.
Whether the CA certificate configured for auto registration of device certificates. Valid values are "ENABLE" and "DISABLE"
The date the CA certificate was last modified.
The customer version of the CA certificate.
The generation ID of the CA certificate.
When the CA certificate is valid.
The certificate is not valid before this date.
The certificate is not valid after this date.
Information about the registration configuration.
The template body.
The ARN of the role.
Exceptions
Gets information about the specified certificate.
See also: AWS API Documentation
Request Syntax
response = client.describe_certificate(
certificateId='string'
)
[REQUIRED]
The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)
{
'certificateDescription': {
'certificateArn': 'string',
'certificateId': 'string',
'caCertificateId': 'string',
'status': 'ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION',
'certificatePem': 'string',
'ownedBy': 'string',
'previousOwnedBy': 'string',
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1),
'customerVersion': 123,
'transferData': {
'transferMessage': 'string',
'rejectReason': 'string',
'transferDate': datetime(2015, 1, 1),
'acceptDate': datetime(2015, 1, 1),
'rejectDate': datetime(2015, 1, 1)
},
'generationId': 'string',
'validity': {
'notBefore': datetime(2015, 1, 1),
'notAfter': datetime(2015, 1, 1)
},
'certificateMode': 'DEFAULT'|'SNI_ONLY'
}
}
Response Structure
The output of the DescribeCertificate operation.
The description of the certificate.
The ARN of the certificate.
The ID of the certificate.
The certificate ID of the CA certificate used to sign this certificate.
The status of the certificate.
The certificate data, in PEM format.
The ID of the AWS account that owns the certificate.
The ID of the AWS account of the previous owner of the certificate.
The date and time the certificate was created.
The date and time the certificate was last modified.
The customer version of the certificate.
The transfer data.
The transfer message.
The reason why the transfer was rejected.
The date the transfer took place.
The date the transfer was accepted.
The date the transfer was rejected.
The generation ID of the certificate.
When the certificate is valid.
The certificate is not valid before this date.
The certificate is not valid after this date.
The mode of the certificate.
Exceptions
Gets information about a Device Defender detect custom metric.
See also: AWS API Documentation
Request Syntax
response = client.describe_custom_metric(
metricName='string'
)
[REQUIRED]
The name of the custom metric.
{
'metricName': 'string',
'metricArn': 'string',
'metricType': 'string-list'|'ip-address-list'|'number-list'|'number',
'displayName': 'string',
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1)
}
Response Structure
The name of the custom metric.
The Amazon Resource Number (ARN) of the custom metric.
The type of the custom metric. Types include string-list , ip-address-list , number-list , and number .
Field represents a friendly name in the console for the custom metric; doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. Can be updated.
The creation date of the custom metric in milliseconds since epoch.
The time the custom metric was last modified in milliseconds since epoch.
Exceptions
Describes the default authorizer.
See also: AWS API Documentation
Request Syntax
response = client.describe_default_authorizer()
{
'authorizerDescription': {
'authorizerName': 'string',
'authorizerArn': 'string',
'authorizerFunctionArn': 'string',
'tokenKeyName': 'string',
'tokenSigningPublicKeys': {
'string': 'string'
},
'status': 'ACTIVE'|'INACTIVE',
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1),
'signingDisabled': True|False
}
}
Response Structure
The default authorizer's description.
The authorizer name.
The authorizer ARN.
The authorizer's Lambda function ARN.
The key used to extract the token from the HTTP headers.
The public keys used to validate the token signature returned by your custom authentication service.
The status of the authorizer.
The UNIX timestamp of when the authorizer was created.
The UNIX timestamp of when the authorizer was last updated.
Specifies whether AWS IoT validates the token signature in an authorization request.
Exceptions
Gets information about a Device Defender ML Detect mitigation action.
See also: AWS API Documentation
Request Syntax
response = client.describe_detect_mitigation_actions_task(
taskId='string'
)
[REQUIRED]
The unique identifier of the task.
{
'taskSummary': {
'taskId': 'string',
'taskStatus': 'IN_PROGRESS'|'SUCCESSFUL'|'FAILED'|'CANCELED',
'taskStartTime': datetime(2015, 1, 1),
'taskEndTime': datetime(2015, 1, 1),
'target': {
'violationIds': [
'string',
],
'securityProfileName': 'string',
'behaviorName': 'string'
},
'violationEventOccurrenceRange': {
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1)
},
'onlyActiveViolationsIncluded': True|False,
'suppressedAlertsIncluded': True|False,
'actionsDefinition': [
{
'name': 'string',
'id': 'string',
'roleArn': 'string',
'actionParams': {
'updateDeviceCertificateParams': {
'action': 'DEACTIVATE'
},
'updateCACertificateParams': {
'action': 'DEACTIVATE'
},
'addThingsToThingGroupParams': {
'thingGroupNames': [
'string',
],
'overrideDynamicGroups': True|False
},
'replaceDefaultPolicyVersionParams': {
'templateName': 'BLANK_POLICY'
},
'enableIoTLoggingParams': {
'roleArnForLogging': 'string',
'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
},
'publishFindingToSnsParams': {
'topicArn': 'string'
}
}
},
],
'taskStatistics': {
'actionsExecuted': 123,
'actionsSkipped': 123,
'actionsFailed': 123
}
}
}
Response Structure
The description of a task.
The unique identifier of the task.
The status of the task.
The date the task started.
The date the task ended.
Specifies the ML Detect findings to which the mitigation actions are applied.
The unique identifiers of the violations.
The name of the security profile.
The name of the behavior.
Specifies the time period of which violation events occurred between.
The start date and time of a time period in which violation events occurred.
The end date and time of a time period in which violation events occurred.
Includes only active violations.
Includes suppressed alerts.
The definition of the actions.
Describes which changes should be applied as part of a mitigation action.
A user-friendly name for the mitigation action.
A unique identifier for the mitigation action.
The IAM role ARN used to apply this mitigation action.
The set of parameters for this mitigation action. The parameters vary, depending on the kind of action you apply.
Parameters to define a mitigation action that changes the state of the device certificate to inactive.
The action that you want to apply to the device certificate. The only supported value is DEACTIVATE .
Parameters to define a mitigation action that changes the state of the CA certificate to inactive.
The action that you want to apply to the CA certificate. The only supported value is DEACTIVATE .
Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.
The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you can't add a thing to more than one group in the same hierarchy.
Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.
Parameters to define a mitigation action that adds a blank policy to restrict permissions.
The name of the template to be applied. The only supported value is BLANK_POLICY .
Parameters to define a mitigation action that enables AWS IoT logging at a specified level of detail.
The Amazon Resource Name (ARN) of the IAM role used for logging.
Specifies the type of information to be logged.
Parameters to define a mitigation action that publishes findings to Amazon Simple Notification Service (Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.
The ARN of the topic to which you want to publish the findings.
The statistics of a mitigation action task.
The actions that were performed.
The actions that were skipped.
The actions that failed.
Exceptions
Provides details about a dimension that is defined in your AWS account.
See also: AWS API Documentation
Request Syntax
response = client.describe_dimension(
name='string'
)
[REQUIRED]
The unique identifier for the dimension.
{
'name': 'string',
'arn': 'string',
'type': 'TOPIC_FILTER',
'stringValues': [
'string',
],
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1)
}
Response Structure
The unique identifier for the dimension.
The Amazon Resource Name (ARN) for the dimension.
The type of the dimension.
The value or list of values used to scope the dimension. For example, for topic filters, this is the pattern used to match the MQTT topic name.
The date the dimension was created.
The date the dimension was last modified.
Exceptions
Gets summary information about a domain configuration.
See also: AWS API Documentation
Request Syntax
response = client.describe_domain_configuration(
domainConfigurationName='string'
)
[REQUIRED]
The name of the domain configuration.
{
'domainConfigurationName': 'string',
'domainConfigurationArn': 'string',
'domainName': 'string',
'serverCertificates': [
{
'serverCertificateArn': 'string',
'serverCertificateStatus': 'INVALID'|'VALID',
'serverCertificateStatusDetail': 'string'
},
],
'authorizerConfig': {
'defaultAuthorizerName': 'string',
'allowAuthorizerOverride': True|False
},
'domainConfigurationStatus': 'ENABLED'|'DISABLED',
'serviceType': 'DATA'|'CREDENTIAL_PROVIDER'|'JOBS',
'domainType': 'ENDPOINT'|'AWS_MANAGED'|'CUSTOMER_MANAGED',
'lastStatusChangeDate': datetime(2015, 1, 1)
}
Response Structure
The name of the domain configuration.
The ARN of the domain configuration.
The name of the domain.
A list containing summary information about the server certificate included in the domain configuration.
An object that contains information about a server certificate.
The ARN of the server certificate.
The status of the server certificate.
Details that explain the status of the server certificate.
An object that specifies the authorization service for a domain.
The name of the authorization service for a domain configuration.
A Boolean that specifies whether the domain configuration's authorization service can be overridden.
A Boolean value that specifies the current state of the domain configuration.
The type of service delivered by the endpoint.
The type of the domain.
The date and time the domain configuration's status was last changed.
Exceptions
Returns a unique endpoint specific to the AWS account making the call.
See also: AWS API Documentation
Request Syntax
response = client.describe_endpoint(
endpointType='string'
)
The endpoint type. Valid endpoint types include:
We strongly recommend that customers use the newer iot:Data-ATS endpoint type to avoid issues related to the widespread distrust of Symantec certificate authorities.
{
'endpointAddress': 'string'
}
Response Structure
The output from the DescribeEndpoint operation.
The endpoint. The format of the endpoint is as follows: identifier .iot.*region* .amazonaws.com.
Exceptions
Describes event configurations.
See also: AWS API Documentation
Request Syntax
response = client.describe_event_configurations()
{
'eventConfigurations': {
'string': {
'Enabled': True|False
}
},
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1)
}
Response Structure
The event configurations.
Configuration.
True to enable the configuration.
The creation date of the event configuration.
The date the event configurations were last modified.
Exceptions
Describes a search index.
See also: AWS API Documentation
Request Syntax
response = client.describe_index(
indexName='string'
)
[REQUIRED]
The index name.
{
'indexName': 'string',
'indexStatus': 'ACTIVE'|'BUILDING'|'REBUILDING',
'schema': 'string'
}
Response Structure
The index name.
The index status.
Contains a value that specifies the type of indexing performed. Valid values are:
Exceptions
Describes a job.
See also: AWS API Documentation
Request Syntax
response = client.describe_job(
jobId='string'
)
[REQUIRED]
The unique identifier you assigned to this job when it was created.
{
'documentSource': 'string',
'job': {
'jobArn': 'string',
'jobId': 'string',
'targetSelection': 'CONTINUOUS'|'SNAPSHOT',
'status': 'IN_PROGRESS'|'CANCELED'|'COMPLETED'|'DELETION_IN_PROGRESS',
'forceCanceled': True|False,
'reasonCode': 'string',
'comment': 'string',
'targets': [
'string',
],
'description': 'string',
'presignedUrlConfig': {
'roleArn': 'string',
'expiresInSec': 123
},
'jobExecutionsRolloutConfig': {
'maximumPerMinute': 123,
'exponentialRate': {
'baseRatePerMinute': 123,
'incrementFactor': 123.0,
'rateIncreaseCriteria': {
'numberOfNotifiedThings': 123,
'numberOfSucceededThings': 123
}
}
},
'abortConfig': {
'criteriaList': [
{
'failureType': 'FAILED'|'REJECTED'|'TIMED_OUT'|'ALL',
'action': 'CANCEL',
'thresholdPercentage': 123.0,
'minNumberOfExecutedThings': 123
},
]
},
'createdAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1),
'completedAt': datetime(2015, 1, 1),
'jobProcessDetails': {
'processingTargets': [
'string',
],
'numberOfCanceledThings': 123,
'numberOfSucceededThings': 123,
'numberOfFailedThings': 123,
'numberOfRejectedThings': 123,
'numberOfQueuedThings': 123,
'numberOfInProgressThings': 123,
'numberOfRemovedThings': 123,
'numberOfTimedOutThings': 123
},
'timeoutConfig': {
'inProgressTimeoutInMinutes': 123
},
'namespaceId': 'string',
'jobTemplateArn': 'string'
}
}
Response Structure
An S3 link to the job document.
Information about the job.
An ARN identifying the job with format "arn:aws:iot:region:account:job/jobId".
The unique identifier you assigned to this job when it was created.
Specifies whether the job will continue to run (CONTINUOUS), or will be complete after all those things specified as targets have completed the job (SNAPSHOT). If continuous, the job may also be run on a thing when a change is detected in a target. For example, a job will run on a device when the thing representing the device is added to a target group, even after the job was completed by all things originally in the group.
The status of the job, one of IN_PROGRESS , CANCELED , DELETION_IN_PROGRESS or COMPLETED .
Will be true if the job was canceled with the optional force parameter set to true .
If the job was updated, provides the reason code for the update.
If the job was updated, describes the reason for the update.
A list of IoT things and thing groups to which the job should be sent.
A short text description of the job.
Configuration for pre-signed S3 URLs.
The ARN of an IAM role that grants grants permission to download files from the S3 bucket where the job data/updates are stored. The role must also grant permission for IoT to download the files.
How long (in seconds) pre-signed URLs are valid. Valid values are 60 - 3600, the default value is 3600 seconds. Pre-signed URLs are generated when Jobs receives an MQTT request for the job document.
Allows you to create a staged rollout of a job.
The maximum number of things that will be notified of a pending job, per minute. This parameter allows you to create a staged rollout.
The rate of increase for a job rollout. This parameter allows you to define an exponential rate for a job rollout.
The minimum number of things that will be notified of a pending job, per minute at the start of job rollout. This parameter allows you to define the initial rate of rollout.
The exponential factor to increase the rate of rollout for a job.
AWS IoT supports up to one digit after the decimal (for example, 1.5, but not 1.55).
The criteria to initiate the increase in rate of rollout for a job.
The threshold for number of notified things that will initiate the increase in rate of rollout.
The threshold for number of succeeded things that will initiate the increase in rate of rollout.
Configuration for criteria to abort the job.
The list of criteria that determine when and how to abort the job.
The criteria that determine when and how a job abort takes place.
The type of job execution failures that can initiate a job abort.
The type of job action to take to initiate the job abort.
The minimum percentage of job execution failures that must occur to initiate the job abort.
AWS IoT supports up to two digits after the decimal (for example, 10.9 and 10.99, but not 10.999).
The minimum number of things which must receive job execution notifications before the job can be aborted.
The time, in seconds since the epoch, when the job was created.
The time, in seconds since the epoch, when the job was last updated.
The time, in seconds since the epoch, when the job was completed.
Details about the job process.
The target devices to which the job execution is being rolled out. This value will be null after the job execution has finished rolling out to all the target devices.
The number of things that cancelled the job.
The number of things which successfully completed the job.
The number of things that failed executing the job.
The number of things that rejected the job.
The number of things that are awaiting execution of the job.
The number of things currently executing the job.
The number of things that are no longer scheduled to execute the job because they have been deleted or have been removed from the group that was a target of the job.
The number of things whose job execution status is TIMED_OUT .
Specifies the amount of time each device has to finish its execution of the job. A timer is started when the job execution status is set to IN_PROGRESS . If the job execution status is not set to another terminal state before the timer expires, it will be automatically set to TIMED_OUT .
Specifies the amount of time, in minutes, this device has to finish execution of this job. The timeout interval can be anywhere between 1 minute and 7 days (1 to 10080 minutes). The in progress timer can't be updated and will apply to all job executions for the job. Whenever a job execution remains in the IN_PROGRESS status for longer than this interval, the job execution will fail and switch to the terminal TIMED_OUT status.
The namespace used to indicate that a job is a customer-managed job.
When you specify a value for this parameter, AWS IoT Core sends jobs notifications to MQTT topics that contain the value in the following format.
$aws/things/*THING_NAME* /jobs/*JOB_ID* /notify-namespace-*NAMESPACE_ID* /
Note
The namespaceId feature is in public preview.
The ARN of the job template used to create the job.
Exceptions
Describes a job execution.
See also: AWS API Documentation
Request Syntax
response = client.describe_job_execution(
jobId='string',
thingName='string',
executionNumber=123
)
[REQUIRED]
The unique identifier you assigned to this job when it was created.
[REQUIRED]
The name of the thing on which the job execution is running.
dict
Response Syntax
{
'execution': {
'jobId': 'string',
'status': 'QUEUED'|'IN_PROGRESS'|'SUCCEEDED'|'FAILED'|'TIMED_OUT'|'REJECTED'|'REMOVED'|'CANCELED',
'forceCanceled': True|False,
'statusDetails': {
'detailsMap': {
'string': 'string'
}
},
'thingArn': 'string',
'queuedAt': datetime(2015, 1, 1),
'startedAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1),
'executionNumber': 123,
'versionNumber': 123,
'approximateSecondsBeforeTimedOut': 123
}
}
Response Structure
(dict) --
execution (dict) --
Information about the job execution.
jobId (string) --
The unique identifier you assigned to the job when it was created.
status (string) --
The status of the job execution (IN_PROGRESS, QUEUED, FAILED, SUCCEEDED, TIMED_OUT, CANCELED, or REJECTED).
forceCanceled (boolean) --
Will be true if the job execution was canceled with the optional force parameter set to true .
statusDetails (dict) --
A collection of name/value pairs that describe the status of the job execution.
detailsMap (dict) --
The job execution status.
thingArn (string) --
The ARN of the thing on which the job execution is running.
queuedAt (datetime) --
The time, in seconds since the epoch, when the job execution was queued.
startedAt (datetime) --
The time, in seconds since the epoch, when the job execution started.
lastUpdatedAt (datetime) --
The time, in seconds since the epoch, when the job execution was last updated.
executionNumber (integer) --
A string (consisting of the digits "0" through "9") which identifies this particular job execution on this particular device. It can be used in commands which return or update job execution information.
versionNumber (integer) --
The version of the job execution. Job execution versions are incremented each time they are updated by a device.
approximateSecondsBeforeTimedOut (integer) --
The estimated number of seconds that remain before the job execution status will be changed to TIMED_OUT . The timeout interval can be anywhere between 1 minute and 7 days (1 to 10080 minutes). The actual job execution timeout can occur up to 60 seconds later than the estimated duration. This value will not be included if the job execution has reached a terminal status.
Exceptions
Returns information about a job template.
See also: AWS API Documentation
Request Syntax
response = client.describe_job_template(
jobTemplateId='string'
)
[REQUIRED]
The unique identifier of the job template.
{
'jobTemplateArn': 'string',
'jobTemplateId': 'string',
'description': 'string',
'documentSource': 'string',
'document': 'string',
'createdAt': datetime(2015, 1, 1),
'presignedUrlConfig': {
'roleArn': 'string',
'expiresInSec': 123
},
'jobExecutionsRolloutConfig': {
'maximumPerMinute': 123,
'exponentialRate': {
'baseRatePerMinute': 123,
'incrementFactor': 123.0,
'rateIncreaseCriteria': {
'numberOfNotifiedThings': 123,
'numberOfSucceededThings': 123
}
}
},
'abortConfig': {
'criteriaList': [
{
'failureType': 'FAILED'|'REJECTED'|'TIMED_OUT'|'ALL',
'action': 'CANCEL',
'thresholdPercentage': 123.0,
'minNumberOfExecutedThings': 123
},
]
},
'timeoutConfig': {
'inProgressTimeoutInMinutes': 123
}
}
Response Structure
The ARN of the job template.
The unique identifier of the job template.
A description of the job template.
An S3 link to the job document.
The job document.
The time, in seconds since the epoch, when the job template was created.
Configuration for pre-signed S3 URLs.
The ARN of an IAM role that grants grants permission to download files from the S3 bucket where the job data/updates are stored. The role must also grant permission for IoT to download the files.
How long (in seconds) pre-signed URLs are valid. Valid values are 60 - 3600, the default value is 3600 seconds. Pre-signed URLs are generated when Jobs receives an MQTT request for the job document.
Allows you to create a staged rollout of a job.
The maximum number of things that will be notified of a pending job, per minute. This parameter allows you to create a staged rollout.
The rate of increase for a job rollout. This parameter allows you to define an exponential rate for a job rollout.
The minimum number of things that will be notified of a pending job, per minute at the start of job rollout. This parameter allows you to define the initial rate of rollout.
The exponential factor to increase the rate of rollout for a job.
AWS IoT supports up to one digit after the decimal (for example, 1.5, but not 1.55).
The criteria to initiate the increase in rate of rollout for a job.
The threshold for number of notified things that will initiate the increase in rate of rollout.
The threshold for number of succeeded things that will initiate the increase in rate of rollout.
The criteria that determine when and how a job abort takes place.
The list of criteria that determine when and how to abort the job.
The criteria that determine when and how a job abort takes place.
The type of job execution failures that can initiate a job abort.
The type of job action to take to initiate the job abort.
The minimum percentage of job execution failures that must occur to initiate the job abort.
AWS IoT supports up to two digits after the decimal (for example, 10.9 and 10.99, but not 10.999).
The minimum number of things which must receive job execution notifications before the job can be aborted.
Specifies the amount of time each device has to finish its execution of the job. A timer is started when the job execution status is set to IN_PROGRESS . If the job execution status is not set to another terminal state before the timer expires, it will be automatically set to TIMED_OUT .
Specifies the amount of time, in minutes, this device has to finish execution of this job. The timeout interval can be anywhere between 1 minute and 7 days (1 to 10080 minutes). The in progress timer can't be updated and will apply to all job executions for the job. Whenever a job execution remains in the IN_PROGRESS status for longer than this interval, the job execution will fail and switch to the terminal TIMED_OUT status.
Exceptions
Gets information about a mitigation action.
See also: AWS API Documentation
Request Syntax
response = client.describe_mitigation_action(
actionName='string'
)
[REQUIRED]
The friendly name that uniquely identifies the mitigation action.
{
'actionName': 'string',
'actionType': 'UPDATE_DEVICE_CERTIFICATE'|'UPDATE_CA_CERTIFICATE'|'ADD_THINGS_TO_THING_GROUP'|'REPLACE_DEFAULT_POLICY_VERSION'|'ENABLE_IOT_LOGGING'|'PUBLISH_FINDING_TO_SNS',
'actionArn': 'string',
'actionId': 'string',
'roleArn': 'string',
'actionParams': {
'updateDeviceCertificateParams': {
'action': 'DEACTIVATE'
},
'updateCACertificateParams': {
'action': 'DEACTIVATE'
},
'addThingsToThingGroupParams': {
'thingGroupNames': [
'string',
],
'overrideDynamicGroups': True|False
},
'replaceDefaultPolicyVersionParams': {
'templateName': 'BLANK_POLICY'
},
'enableIoTLoggingParams': {
'roleArnForLogging': 'string',
'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
},
'publishFindingToSnsParams': {
'topicArn': 'string'
}
},
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1)
}
Response Structure
The friendly name that uniquely identifies the mitigation action.
The type of mitigation action.
The ARN that identifies this migration action.
A unique identifier for this action.
The ARN of the IAM role used to apply this action.
Parameters that control how the mitigation action is applied, specific to the type of mitigation action.
Parameters to define a mitigation action that changes the state of the device certificate to inactive.
The action that you want to apply to the device certificate. The only supported value is DEACTIVATE .
Parameters to define a mitigation action that changes the state of the CA certificate to inactive.
The action that you want to apply to the CA certificate. The only supported value is DEACTIVATE .
Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.
The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you can't add a thing to more than one group in the same hierarchy.
Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.
Parameters to define a mitigation action that adds a blank policy to restrict permissions.
The name of the template to be applied. The only supported value is BLANK_POLICY .
Parameters to define a mitigation action that enables AWS IoT logging at a specified level of detail.
The Amazon Resource Name (ARN) of the IAM role used for logging.
Specifies the type of information to be logged.
Parameters to define a mitigation action that publishes findings to Amazon Simple Notification Service (Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.
The ARN of the topic to which you want to publish the findings.
The date and time when the mitigation action was added to your AWS account.
The date and time when the mitigation action was last changed.
Exceptions
Returns information about a fleet provisioning template.
See also: AWS API Documentation
Request Syntax
response = client.describe_provisioning_template(
templateName='string'
)
[REQUIRED]
The name of the fleet provisioning template.
{
'templateArn': 'string',
'templateName': 'string',
'description': 'string',
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1),
'defaultVersionId': 123,
'templateBody': 'string',
'enabled': True|False,
'provisioningRoleArn': 'string',
'preProvisioningHook': {
'payloadVersion': 'string',
'targetArn': 'string'
}
}
Response Structure
The ARN of the fleet provisioning template.
The name of the fleet provisioning template.
The description of the fleet provisioning template.
The date when the fleet provisioning template was created.
The date when the fleet provisioning template was last modified.
The default fleet template version ID.
The JSON formatted contents of the fleet provisioning template.
True if the fleet provisioning template is enabled, otherwise false.
The ARN of the role associated with the provisioning template. This IoT role grants permission to provision a device.
Gets information about a pre-provisioned hook.
The payload that was sent to the target function.
Note: Only Lambda functions are currently supported.
The ARN of the target function.
Note: Only Lambda functions are currently supported.
Exceptions
Returns information about a fleet provisioning template version.
See also: AWS API Documentation
Request Syntax
response = client.describe_provisioning_template_version(
templateName='string',
versionId=123
)
[REQUIRED]
The template name.
[REQUIRED]
The fleet provisioning template version ID.
dict
Response Syntax
{
'versionId': 123,
'creationDate': datetime(2015, 1, 1),
'templateBody': 'string',
'isDefaultVersion': True|False
}
Response Structure
(dict) --
versionId (integer) --
The fleet provisioning template version ID.
creationDate (datetime) --
The date when the fleet provisioning template version was created.
templateBody (string) --
The JSON formatted contents of the fleet provisioning template version.
isDefaultVersion (boolean) --
True if the fleet provisioning template version is the default version.
Exceptions
Describes a role alias.
See also: AWS API Documentation
Request Syntax
response = client.describe_role_alias(
roleAlias='string'
)
[REQUIRED]
The role alias to describe.
{
'roleAliasDescription': {
'roleAlias': 'string',
'roleAliasArn': 'string',
'roleArn': 'string',
'owner': 'string',
'credentialDurationSeconds': 123,
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1)
}
}
Response Structure
The role alias description.
The role alias.
The ARN of the role alias.
The role ARN.
The role alias owner.
The number of seconds for which the credential is valid.
The UNIX timestamp of when the role alias was created.
The UNIX timestamp of when the role alias was last modified.
Exceptions
Gets information about a scheduled audit.
See also: AWS API Documentation
Request Syntax
response = client.describe_scheduled_audit(
scheduledAuditName='string'
)
[REQUIRED]
The name of the scheduled audit whose information you want to get.
{
'frequency': 'DAILY'|'WEEKLY'|'BIWEEKLY'|'MONTHLY',
'dayOfMonth': 'string',
'dayOfWeek': 'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT',
'targetCheckNames': [
'string',
],
'scheduledAuditName': 'string',
'scheduledAuditArn': 'string'
}
Response Structure
How often the scheduled audit takes place, either one of DAILY , WEEKLY , BIWEEKLY , or MONTHLY . The start time of each audit is determined by the system.
The day of the month on which the scheduled audit takes place. This is will be 1 through 31 or LAST . If days 29 -31 are specified, and the month does not have that many days, the audit takes place on the LAST day of the month.
The day of the week on which the scheduled audit takes place, either one of SUN , MON , TUE , WED , THU , FRI , or SAT .
Which checks are performed during the scheduled audit. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
The name of the scheduled audit.
The ARN of the scheduled audit.
Exceptions
Gets information about a Device Defender security profile.
See also: AWS API Documentation
Request Syntax
response = client.describe_security_profile(
securityProfileName='string'
)
[REQUIRED]
The name of the security profile whose information you want to get.
{
'securityProfileName': 'string',
'securityProfileArn': 'string',
'securityProfileDescription': 'string',
'behaviors': [
{
'name': 'string',
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
},
'criteria': {
'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set'|'in-set'|'not-in-set',
'value': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'durationSeconds': 123,
'consecutiveDatapointsToAlarm': 123,
'consecutiveDatapointsToClear': 123,
'statisticalThreshold': {
'statistic': 'string'
},
'mlDetectionConfig': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
}
},
'suppressAlerts': True|False
},
],
'alertTargets': {
'string': {
'alertTargetArn': 'string',
'roleArn': 'string'
}
},
'additionalMetricsToRetain': [
'string',
],
'additionalMetricsToRetainV2': [
{
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
}
},
],
'version': 123,
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1)
}
Response Structure
The name of the security profile.
The ARN of the security profile.
A description of the security profile (associated with the security profile when it was created or updated).
Specifies the behaviors that, when violated by a device (thing), cause an alert.
A Device Defender security profile behavior.
The name you've given to the behavior.
What is measured by the behavior.
The dimension for a metric in your behavior. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. This can't be used with custom metrics.
A unique identifier for the dimension.
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
The criteria that determine if a device is behaving normally in regard to the metric .
The operator that relates the thing measured (metric ) to the criteria (containing a value or statisticalThreshold ). Valid operators include:
The value to be compared with the metric .
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
The numeral value of a metric.
The numeral values of a metric.
The string values of a metric.
Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, NUM_MESSAGES_SENT ). For a statisticalThreshhold metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes.
If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.
If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.
A statistical ranking (percentile)that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior.
The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period (durationSeconds ) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below (comparisonOperator ) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs.
The configuration of an ML Detect
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
Suppresses alerts.
Where the alerts are sent. (Alerts are always sent to the console.)
The type of alert target: one of "SNS".
A structure containing the alert target ARN and the role ARN.
The Amazon Resource Name (ARN) of the notification target to which alerts are sent.
The ARN of the role that grants permission to send alerts to the notification target.
Please use DescribeSecurityProfileResponse$additionalMetricsToRetainV2 instead.
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors , but it is also retained for any metric specified here.
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors, but it is also retained for any metric specified here.
The metric you want to retain. Dimensions are optional.
What is measured by the behavior.
The dimension of a metric. This can't be used with custom metrics.
A unique identifier for the dimension.
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
The version of the security profile. A new version is generated whenever the security profile is updated.
The time the security profile was created.
The time the security profile was last modified.
Exceptions
Gets information about a stream.
See also: AWS API Documentation
Request Syntax
response = client.describe_stream(
streamId='string'
)
[REQUIRED]
The stream ID.
{
'streamInfo': {
'streamId': 'string',
'streamArn': 'string',
'streamVersion': 123,
'description': 'string',
'files': [
{
'fileId': 123,
's3Location': {
'bucket': 'string',
'key': 'string',
'version': 'string'
}
},
],
'createdAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1),
'roleArn': 'string'
}
}
Response Structure
Information about the stream.
The stream ID.
The stream ARN.
The stream version.
The description of the stream.
The files to stream.
Represents a file to stream.
The file ID.
The location of the file in S3.
The S3 bucket.
The S3 key.
The S3 bucket version.
The date when the stream was created.
The date when the stream was last updated.
An IAM role AWS IoT assumes to access your S3 files.
Exceptions
Gets information about the specified thing.
See also: AWS API Documentation
Request Syntax
response = client.describe_thing(
thingName='string'
)
[REQUIRED]
The name of the thing.
{
'defaultClientId': 'string',
'thingName': 'string',
'thingId': 'string',
'thingArn': 'string',
'thingTypeName': 'string',
'attributes': {
'string': 'string'
},
'version': 123,
'billingGroupName': 'string'
}
Response Structure
The output from the DescribeThing operation.
The default MQTT client ID. For a typical device, the thing name is also used as the default MQTT client ID. Although we don’t require a mapping between a thing's registry name and its use of MQTT client IDs, certificates, or shadow state, we recommend that you choose a thing name and use it as the MQTT client ID for the registry and the Device Shadow service.
This lets you better organize your AWS IoT fleet without removing the flexibility of the underlying device certificate model or shadows.
The name of the thing.
The ID of the thing to describe.
The ARN of the thing to describe.
The thing type name.
The thing attributes.
The current version of the thing record in the registry.
Note
To avoid unintentional changes to the information in the registry, you can pass the version information in the expectedVersion parameter of the UpdateThing and DeleteThing calls.
The name of the billing group the thing belongs to.
Exceptions
Describe a thing group.
See also: AWS API Documentation
Request Syntax
response = client.describe_thing_group(
thingGroupName='string'
)
[REQUIRED]
The name of the thing group.
{
'thingGroupName': 'string',
'thingGroupId': 'string',
'thingGroupArn': 'string',
'version': 123,
'thingGroupProperties': {
'thingGroupDescription': 'string',
'attributePayload': {
'attributes': {
'string': 'string'
},
'merge': True|False
}
},
'thingGroupMetadata': {
'parentGroupName': 'string',
'rootToParentThingGroups': [
{
'groupName': 'string',
'groupArn': 'string'
},
],
'creationDate': datetime(2015, 1, 1)
},
'indexName': 'string',
'queryString': 'string',
'queryVersion': 'string',
'status': 'ACTIVE'|'BUILDING'|'REBUILDING'
}
Response Structure
The name of the thing group.
The thing group ID.
The thing group ARN.
The version of the thing group.
The thing group properties.
The thing group description.
The thing group attributes in JSON format.
A JSON string containing up to three key-value pair in JSON format. For example:
{\"attributes\":{\"string1\":\"string2\"}}
Specifies whether the list of attributes provided in the AttributePayload is merged with the attributes stored in the registry, instead of overwriting them.
To remove an attribute, call UpdateThing with an empty attribute value.
Note
The merge attribute is only valid when calling UpdateThing or UpdateThingGroup .
Thing group metadata.
The parent thing group name.
The root parent thing group.
The name and ARN of a group.
The group name.
The group ARN.
The UNIX timestamp of when the thing group was created.
The dynamic thing group index name.
The dynamic thing group search query string.
The dynamic thing group query version.
The dynamic thing group status.
Exceptions
Describes a bulk thing provisioning task.
See also: AWS API Documentation
Request Syntax
response = client.describe_thing_registration_task(
taskId='string'
)
[REQUIRED]
The task ID.
{
'taskId': 'string',
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1),
'templateBody': 'string',
'inputFileBucket': 'string',
'inputFileKey': 'string',
'roleArn': 'string',
'status': 'InProgress'|'Completed'|'Failed'|'Cancelled'|'Cancelling',
'message': 'string',
'successCount': 123,
'failureCount': 123,
'percentageProgress': 123
}
Response Structure
The task ID.
The task creation date.
The date when the task was last modified.
The task's template.
The S3 bucket that contains the input file.
The input file key.
The role ARN that grants access to the input file bucket.
The status of the bulk thing provisioning task.
The message.
The number of things successfully provisioned.
The number of things that failed to be provisioned.
The progress of the bulk provisioning task expressed as a percentage.
Exceptions
Gets information about the specified thing type.
See also: AWS API Documentation
Request Syntax
response = client.describe_thing_type(
thingTypeName='string'
)
[REQUIRED]
The name of the thing type.
{
'thingTypeName': 'string',
'thingTypeId': 'string',
'thingTypeArn': 'string',
'thingTypeProperties': {
'thingTypeDescription': 'string',
'searchableAttributes': [
'string',
]
},
'thingTypeMetadata': {
'deprecated': True|False,
'deprecationDate': datetime(2015, 1, 1),
'creationDate': datetime(2015, 1, 1)
}
}
Response Structure
The output for the DescribeThingType operation.
The name of the thing type.
The thing type ID.
The thing type ARN.
The ThingTypeProperties contains information about the thing type including description, and a list of searchable thing attribute names.
The description of the thing type.
A list of searchable thing attribute names.
The ThingTypeMetadata contains additional information about the thing type including: creation date and time, a value indicating whether the thing type is deprecated, and a date and time when it was deprecated.
Whether the thing type is deprecated. If true , no new things could be associated with this type.
The date and time when the thing type was deprecated.
The date and time when the thing type was created.
Exceptions
Detaches a policy from the specified target.
See also: AWS API Documentation
Request Syntax
response = client.detach_policy(
policyName='string',
target='string'
)
[REQUIRED]
The policy to detach.
[REQUIRED]
The target from which the policy will be detached.
None
Exceptions
Removes the specified policy from the specified certificate.
Note: This API is deprecated. Please use DetachPolicy instead.
Danger
This operation is deprecated and may not function as expected. This operation should not be used going forward and is only kept for the purpose of backwards compatiblity.
See also: AWS API Documentation
Request Syntax
response = client.detach_principal_policy(
policyName='string',
principal='string'
)
[REQUIRED]
The name of the policy to detach.
[REQUIRED]
The principal.
Valid principals are CertificateArn (arn:aws:iot:region :accountId :cert/certificateId ), thingGroupArn (arn:aws:iot:region :accountId :thinggroup/groupName ) and CognitoId (region :id ).
None
Exceptions
Disassociates a Device Defender security profile from a thing group or from this account.
See also: AWS API Documentation
Request Syntax
response = client.detach_security_profile(
securityProfileName='string',
securityProfileTargetArn='string'
)
[REQUIRED]
The security profile that is detached.
[REQUIRED]
The ARN of the thing group from which the security profile is detached.
dict
Response Syntax
{}
Response Structure
Exceptions
Detaches the specified principal from the specified thing. A principal can be X.509 certificates, IAM users, groups, and roles, Amazon Cognito identities or federated identities.
Note
This call is asynchronous. It might take several seconds for the detachment to propagate.
See also: AWS API Documentation
Request Syntax
response = client.detach_thing_principal(
thingName='string',
principal='string'
)
[REQUIRED]
The name of the thing.
[REQUIRED]
If the principal is a certificate, this value must be ARN of the certificate. If the principal is an Amazon Cognito identity, this value must be the ID of the Amazon Cognito identity.
dict
Response Syntax
{}
Response Structure
(dict) --
The output from the DetachThingPrincipal operation.
Exceptions
Disables the rule.
See also: AWS API Documentation
Request Syntax
response = client.disable_topic_rule(
ruleName='string'
)
[REQUIRED]
The name of the rule to disable.
Exceptions
Enables the rule.
See also: AWS API Documentation
Request Syntax
response = client.enable_topic_rule(
ruleName='string'
)
[REQUIRED]
The name of the topic rule to enable.
Exceptions
Generate a presigned url given a client, its method, and arguments
The presigned url
Returns a Device Defender's ML Detect Security Profile training model's status.
See also: AWS API Documentation
Request Syntax
response = client.get_behavior_model_training_summaries(
securityProfileName='string',
maxResults=123,
nextToken='string'
)
dict
Response Syntax
{
'summaries': [
{
'securityProfileName': 'string',
'behaviorName': 'string',
'trainingDataCollectionStartDate': datetime(2015, 1, 1),
'modelStatus': 'PENDING_BUILD'|'ACTIVE'|'EXPIRED',
'datapointsCollectionPercentage': 123.0,
'lastModelRefreshDate': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
summaries (list) --
A list of all ML Detect behaviors and their model status for a given Security Profile.
(dict) --
The summary of an ML Detect behavior model.
securityProfileName (string) --
The name of the security profile.
behaviorName (string) --
The name of the behavior.
trainingDataCollectionStartDate (datetime) --
The date a training model started collecting data.
modelStatus (string) --
The status of the behavior model.
datapointsCollectionPercentage (float) --
The percentage of datapoints collected.
lastModelRefreshDate (datetime) --
The date the model was last refreshed.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Exceptions
Returns the approximate count of unique values that match the query.
See also: AWS API Documentation
Request Syntax
response = client.get_cardinality(
indexName='string',
queryString='string',
aggregationField='string',
queryVersion='string'
)
[REQUIRED]
The search query.
dict
Response Syntax
{
'cardinality': 123
}
Response Structure
(dict) --
cardinality (integer) --
The approximate count of unique values that match the query.
Exceptions
Gets a list of the policies that have an effect on the authorization behavior of the specified device when it connects to the AWS IoT device gateway.
See also: AWS API Documentation
Request Syntax
response = client.get_effective_policies(
principal='string',
cognitoIdentityPoolId='string',
thingName='string'
)
dict
Response Syntax
{
'effectivePolicies': [
{
'policyName': 'string',
'policyArn': 'string',
'policyDocument': 'string'
},
]
}
Response Structure
(dict) --
effectivePolicies (list) --
The effective policies.
(dict) --
The policy that has the effect on the authorization results.
policyName (string) --
The policy name.
policyArn (string) --
The policy ARN.
policyDocument (string) --
The IAM policy document.
Exceptions
Gets the indexing configuration.
See also: AWS API Documentation
Request Syntax
response = client.get_indexing_configuration()
{
'thingIndexingConfiguration': {
'thingIndexingMode': 'OFF'|'REGISTRY'|'REGISTRY_AND_SHADOW',
'thingConnectivityIndexingMode': 'OFF'|'STATUS',
'managedFields': [
{
'name': 'string',
'type': 'Number'|'String'|'Boolean'
},
],
'customFields': [
{
'name': 'string',
'type': 'Number'|'String'|'Boolean'
},
]
},
'thingGroupIndexingConfiguration': {
'thingGroupIndexingMode': 'OFF'|'ON',
'managedFields': [
{
'name': 'string',
'type': 'Number'|'String'|'Boolean'
},
],
'customFields': [
{
'name': 'string',
'type': 'Number'|'String'|'Boolean'
},
]
}
}
Response Structure
Thing indexing configuration.
Thing indexing mode. Valid values are:
Thing connectivity indexing mode. Valid values are:
Contains fields that are indexed and whose types are already known by the Fleet Indexing service.
Describes the name and data type at a field.
The name of the field.
The datatype of the field.
Contains custom field names and their data type.
Describes the name and data type at a field.
The name of the field.
The datatype of the field.
The index configuration.
Thing group indexing mode.
Contains fields that are indexed and whose types are already known by the Fleet Indexing service.
Describes the name and data type at a field.
The name of the field.
The datatype of the field.
A list of thing group fields to index. This list cannot contain any managed fields. Use the GetIndexingConfiguration API to get a list of managed fields.
Contains custom field names and their data type.
Describes the name and data type at a field.
The name of the field.
The datatype of the field.
Exceptions
Gets a job document.
See also: AWS API Documentation
Request Syntax
response = client.get_job_document(
jobId='string'
)
[REQUIRED]
The unique identifier you assigned to this job when it was created.
{
'document': 'string'
}
Response Structure
The job document content.
Exceptions
Gets the logging options.
NOTE: use of this command is not recommended. Use GetV2LoggingOptions instead.
See also: AWS API Documentation
Request Syntax
response = client.get_logging_options()
{
'roleArn': 'string',
'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
}
Response Structure
The output from the GetLoggingOptions operation.
The ARN of the IAM role that grants access.
The logging level.
Exceptions
Gets an OTA update.
See also: AWS API Documentation
Request Syntax
response = client.get_ota_update(
otaUpdateId='string'
)
[REQUIRED]
The OTA update ID.
{
'otaUpdateInfo': {
'otaUpdateId': 'string',
'otaUpdateArn': 'string',
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1),
'description': 'string',
'targets': [
'string',
],
'protocols': [
'MQTT'|'HTTP',
],
'awsJobExecutionsRolloutConfig': {
'maximumPerMinute': 123,
'exponentialRate': {
'baseRatePerMinute': 123,
'incrementFactor': 123.0,
'rateIncreaseCriteria': {
'numberOfNotifiedThings': 123,
'numberOfSucceededThings': 123
}
}
},
'awsJobPresignedUrlConfig': {
'expiresInSec': 123
},
'targetSelection': 'CONTINUOUS'|'SNAPSHOT',
'otaUpdateFiles': [
{
'fileName': 'string',
'fileType': 123,
'fileVersion': 'string',
'fileLocation': {
'stream': {
'streamId': 'string',
'fileId': 123
},
's3Location': {
'bucket': 'string',
'key': 'string',
'version': 'string'
}
},
'codeSigning': {
'awsSignerJobId': 'string',
'startSigningJobParameter': {
'signingProfileParameter': {
'certificateArn': 'string',
'platform': 'string',
'certificatePathOnDevice': 'string'
},
'signingProfileName': 'string',
'destination': {
's3Destination': {
'bucket': 'string',
'prefix': 'string'
}
}
},
'customCodeSigning': {
'signature': {
'inlineDocument': b'bytes'
},
'certificateChain': {
'certificateName': 'string',
'inlineDocument': 'string'
},
'hashAlgorithm': 'string',
'signatureAlgorithm': 'string'
}
},
'attributes': {
'string': 'string'
}
},
],
'otaUpdateStatus': 'CREATE_PENDING'|'CREATE_IN_PROGRESS'|'CREATE_COMPLETE'|'CREATE_FAILED',
'awsIotJobId': 'string',
'awsIotJobArn': 'string',
'errorInfo': {
'code': 'string',
'message': 'string'
},
'additionalParameters': {
'string': 'string'
}
}
}
Response Structure
The OTA update info.
The OTA update ID.
The OTA update ARN.
The date when the OTA update was created.
The date when the OTA update was last updated.
A description of the OTA update.
The targets of the OTA update.
The protocol used to transfer the OTA update image. Valid values are [HTTP], [MQTT], [HTTP, MQTT]. When both HTTP and MQTT are specified, the target device can choose the protocol.
Configuration for the rollout of OTA updates.
The maximum number of OTA update job executions started per minute.
The rate of increase for a job rollout. This parameter allows you to define an exponential rate increase for a job rollout.
The minimum number of things that will be notified of a pending job, per minute, at the start of the job rollout. This is the initial rate of the rollout.
The rate of increase for a job rollout. The number of things notified is multiplied by this factor.
The criteria to initiate the increase in rate of rollout for a job.
AWS IoT supports up to one digit after the decimal (for example, 1.5, but not 1.55).
When this number of things have been notified, it will initiate an increase in the rollout rate.
When this number of things have succeeded in their job execution, it will initiate an increase in the rollout rate.
Configuration information for pre-signed URLs. Valid when protocols contains HTTP.
How long (in seconds) pre-signed URLs are valid. Valid values are 60 - 3600, the default value is 1800 seconds. Pre-signed URLs are generated when a request for the job document is received.
Specifies whether the OTA update will continue to run (CONTINUOUS), or will be complete after all those things specified as targets have completed the OTA update (SNAPSHOT). If continuous, the OTA update may also be run on a thing when a change is detected in a target. For example, an OTA update will run on a thing when the thing is added to a target group, even after the OTA update was completed by all things originally in the group.
A list of files associated with the OTA update.
Describes a file to be associated with an OTA update.
The name of the file.
An integer value you can include in the job document to allow your devices to identify the type of file received from the cloud.
The file version.
The location of the updated firmware.
The stream that contains the OTA update.
The stream ID.
The ID of a file associated with a stream.
The location of the updated firmware in S3.
The S3 bucket.
The S3 key.
The S3 bucket version.
The code signing method of the file.
The ID of the AWSSignerJob which was created to sign the file.
Describes the code-signing job.
Describes the code-signing profile.
Certificate ARN.
The hardware platform of your device.
The location of the code-signing certificate on your device.
The code-signing profile name.
The location to write the code-signed file.
Describes the location in S3 of the updated firmware.
The S3 bucket that contains the updated firmware.
The S3 prefix.
A custom method for code signing a file.
The signature for the file.
A base64 encoded binary representation of the code signing signature.
The certificate chain.
The name of the certificate.
A base64 encoded binary representation of the code signing certificate chain.
The hash algorithm used to code sign the file.
The signature algorithm used to code sign the file.
A list of name/attribute pairs.
The status of the OTA update.
The AWS IoT job ID associated with the OTA update.
The AWS IoT job ARN associated with the OTA update.
Error information associated with the OTA update.
The error code.
The error message.
A collection of name/value pairs
Exceptions
Create a paginator for an operation.
Groups the aggregated values that match the query into percentile groupings. The default percentile groupings are: 1,5,25,50,75,95,99, although you can specify your own when you call GetPercentiles . This function returns a value for each percentile group specified (or the default percentile groupings). The percentile group "1" contains the aggregated field value that occurs in approximately one percent of the values that match the query. The percentile group "5" contains the aggregated field value that occurs in approximately five percent of the values that match the query, and so on. The result is an approximation, the more values that match the query, the more accurate the percentile values.
See also: AWS API Documentation
Request Syntax
response = client.get_percentiles(
indexName='string',
queryString='string',
aggregationField='string',
queryVersion='string',
percents=[
123.0,
]
)
[REQUIRED]
The query string.
The percentile groups returned.
dict
Response Syntax
{
'percentiles': [
{
'percent': 123.0,
'value': 123.0
},
]
}
Response Structure
(dict) --
percentiles (list) --
The percentile values of the aggregated fields.
(dict) --
Describes the percentile and percentile value.
percent (float) --
The percentile.
value (float) --
The value of the percentile.
Exceptions
Gets information about the specified policy with the policy document of the default version.
See also: AWS API Documentation
Request Syntax
response = client.get_policy(
policyName='string'
)
[REQUIRED]
The name of the policy.
{
'policyName': 'string',
'policyArn': 'string',
'policyDocument': 'string',
'defaultVersionId': 'string',
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1),
'generationId': 'string'
}
Response Structure
The output from the GetPolicy operation.
The policy name.
The policy ARN.
The JSON document that describes the policy.
The default policy version ID.
The date the policy was created.
The date the policy was last modified.
The generation ID of the policy.
Exceptions
Gets information about the specified policy version.
See also: AWS API Documentation
Request Syntax
response = client.get_policy_version(
policyName='string',
policyVersionId='string'
)
[REQUIRED]
The name of the policy.
[REQUIRED]
The policy version ID.
dict
Response Syntax
{
'policyArn': 'string',
'policyName': 'string',
'policyDocument': 'string',
'policyVersionId': 'string',
'isDefaultVersion': True|False,
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1),
'generationId': 'string'
}
Response Structure
(dict) --
The output from the GetPolicyVersion operation.
policyArn (string) --
The policy ARN.
policyName (string) --
The policy name.
policyDocument (string) --
The JSON document that describes the policy.
policyVersionId (string) --
The policy version ID.
isDefaultVersion (boolean) --
Specifies whether the policy version is the default.
creationDate (datetime) --
The date the policy was created.
lastModifiedDate (datetime) --
The date the policy was last modified.
generationId (string) --
The generation ID of the policy version.
Exceptions
Gets a registration code used to register a CA certificate with AWS IoT.
See also: AWS API Documentation
Request Syntax
response = client.get_registration_code()
{
'registrationCode': 'string'
}
Response Structure
The output from the GetRegistrationCode operation.
The CA certificate registration code.
Exceptions
Returns the count, average, sum, minimum, maximum, sum of squares, variance, and standard deviation for the specified aggregated field. If the aggregation field is of type String , only the count statistic is returned.
See also: AWS API Documentation
Request Syntax
response = client.get_statistics(
indexName='string',
queryString='string',
aggregationField='string',
queryVersion='string'
)
[REQUIRED]
The query used to search. You can specify "*" for the query string to get the count of all indexed things in your AWS account.
dict
Response Syntax
{
'statistics': {
'count': 123,
'average': 123.0,
'sum': 123.0,
'minimum': 123.0,
'maximum': 123.0,
'sumOfSquares': 123.0,
'variance': 123.0,
'stdDeviation': 123.0
}
}
Response Structure
(dict) --
statistics (dict) --
The statistics returned by the Fleet Indexing service based on the query and aggregation field.
count (integer) --
The count of things that match the query.
average (float) --
The average of the aggregated field values.
sum (float) --
The sum of the aggregated field values.
minimum (float) --
The minimum aggregated field value.
maximum (float) --
The maximum aggregated field value.
sumOfSquares (float) --
The sum of the squares of the aggregated field values.
variance (float) --
The variance of the aggregated field values.
stdDeviation (float) --
The standard deviation of the aggregated field values.
Exceptions
Gets information about the rule.
See also: AWS API Documentation
Request Syntax
response = client.get_topic_rule(
ruleName='string'
)
[REQUIRED]
The name of the rule.
{
'ruleArn': 'string',
'rule': {
'ruleName': 'string',
'sql': 'string',
'description': 'string',
'createdAt': datetime(2015, 1, 1),
'actions': [
{
'dynamoDB': {
'tableName': 'string',
'roleArn': 'string',
'operation': 'string',
'hashKeyField': 'string',
'hashKeyValue': 'string',
'hashKeyType': 'STRING'|'NUMBER',
'rangeKeyField': 'string',
'rangeKeyValue': 'string',
'rangeKeyType': 'STRING'|'NUMBER',
'payloadField': 'string'
},
'dynamoDBv2': {
'roleArn': 'string',
'putItem': {
'tableName': 'string'
}
},
'lambda': {
'functionArn': 'string'
},
'sns': {
'targetArn': 'string',
'roleArn': 'string',
'messageFormat': 'RAW'|'JSON'
},
'sqs': {
'roleArn': 'string',
'queueUrl': 'string',
'useBase64': True|False
},
'kinesis': {
'roleArn': 'string',
'streamName': 'string',
'partitionKey': 'string'
},
'republish': {
'roleArn': 'string',
'topic': 'string',
'qos': 123
},
's3': {
'roleArn': 'string',
'bucketName': 'string',
'key': 'string',
'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
},
'firehose': {
'roleArn': 'string',
'deliveryStreamName': 'string',
'separator': 'string',
'batchMode': True|False
},
'cloudwatchMetric': {
'roleArn': 'string',
'metricNamespace': 'string',
'metricName': 'string',
'metricValue': 'string',
'metricUnit': 'string',
'metricTimestamp': 'string'
},
'cloudwatchAlarm': {
'roleArn': 'string',
'alarmName': 'string',
'stateReason': 'string',
'stateValue': 'string'
},
'cloudwatchLogs': {
'roleArn': 'string',
'logGroupName': 'string'
},
'elasticsearch': {
'roleArn': 'string',
'endpoint': 'string',
'index': 'string',
'type': 'string',
'id': 'string'
},
'salesforce': {
'token': 'string',
'url': 'string'
},
'iotAnalytics': {
'channelArn': 'string',
'channelName': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotEvents': {
'inputName': 'string',
'messageId': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotSiteWise': {
'putAssetPropertyValueEntries': [
{
'entryId': 'string',
'assetId': 'string',
'propertyId': 'string',
'propertyAlias': 'string',
'propertyValues': [
{
'value': {
'stringValue': 'string',
'integerValue': 'string',
'doubleValue': 'string',
'booleanValue': 'string'
},
'timestamp': {
'timeInSeconds': 'string',
'offsetInNanos': 'string'
},
'quality': 'string'
},
]
},
],
'roleArn': 'string'
},
'stepFunctions': {
'executionNamePrefix': 'string',
'stateMachineName': 'string',
'roleArn': 'string'
},
'timestream': {
'roleArn': 'string',
'databaseName': 'string',
'tableName': 'string',
'dimensions': [
{
'name': 'string',
'value': 'string'
},
],
'timestamp': {
'value': 'string',
'unit': 'string'
}
},
'http': {
'url': 'string',
'confirmationUrl': 'string',
'headers': [
{
'key': 'string',
'value': 'string'
},
],
'auth': {
'sigv4': {
'signingRegion': 'string',
'serviceName': 'string',
'roleArn': 'string'
}
}
},
'kafka': {
'destinationArn': 'string',
'topic': 'string',
'key': 'string',
'partition': 'string',
'clientProperties': {
'string': 'string'
}
}
},
],
'ruleDisabled': True|False,
'awsIotSqlVersion': 'string',
'errorAction': {
'dynamoDB': {
'tableName': 'string',
'roleArn': 'string',
'operation': 'string',
'hashKeyField': 'string',
'hashKeyValue': 'string',
'hashKeyType': 'STRING'|'NUMBER',
'rangeKeyField': 'string',
'rangeKeyValue': 'string',
'rangeKeyType': 'STRING'|'NUMBER',
'payloadField': 'string'
},
'dynamoDBv2': {
'roleArn': 'string',
'putItem': {
'tableName': 'string'
}
},
'lambda': {
'functionArn': 'string'
},
'sns': {
'targetArn': 'string',
'roleArn': 'string',
'messageFormat': 'RAW'|'JSON'
},
'sqs': {
'roleArn': 'string',
'queueUrl': 'string',
'useBase64': True|False
},
'kinesis': {
'roleArn': 'string',
'streamName': 'string',
'partitionKey': 'string'
},
'republish': {
'roleArn': 'string',
'topic': 'string',
'qos': 123
},
's3': {
'roleArn': 'string',
'bucketName': 'string',
'key': 'string',
'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
},
'firehose': {
'roleArn': 'string',
'deliveryStreamName': 'string',
'separator': 'string',
'batchMode': True|False
},
'cloudwatchMetric': {
'roleArn': 'string',
'metricNamespace': 'string',
'metricName': 'string',
'metricValue': 'string',
'metricUnit': 'string',
'metricTimestamp': 'string'
},
'cloudwatchAlarm': {
'roleArn': 'string',
'alarmName': 'string',
'stateReason': 'string',
'stateValue': 'string'
},
'cloudwatchLogs': {
'roleArn': 'string',
'logGroupName': 'string'
},
'elasticsearch': {
'roleArn': 'string',
'endpoint': 'string',
'index': 'string',
'type': 'string',
'id': 'string'
},
'salesforce': {
'token': 'string',
'url': 'string'
},
'iotAnalytics': {
'channelArn': 'string',
'channelName': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotEvents': {
'inputName': 'string',
'messageId': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotSiteWise': {
'putAssetPropertyValueEntries': [
{
'entryId': 'string',
'assetId': 'string',
'propertyId': 'string',
'propertyAlias': 'string',
'propertyValues': [
{
'value': {
'stringValue': 'string',
'integerValue': 'string',
'doubleValue': 'string',
'booleanValue': 'string'
},
'timestamp': {
'timeInSeconds': 'string',
'offsetInNanos': 'string'
},
'quality': 'string'
},
]
},
],
'roleArn': 'string'
},
'stepFunctions': {
'executionNamePrefix': 'string',
'stateMachineName': 'string',
'roleArn': 'string'
},
'timestream': {
'roleArn': 'string',
'databaseName': 'string',
'tableName': 'string',
'dimensions': [
{
'name': 'string',
'value': 'string'
},
],
'timestamp': {
'value': 'string',
'unit': 'string'
}
},
'http': {
'url': 'string',
'confirmationUrl': 'string',
'headers': [
{
'key': 'string',
'value': 'string'
},
],
'auth': {
'sigv4': {
'signingRegion': 'string',
'serviceName': 'string',
'roleArn': 'string'
}
}
},
'kafka': {
'destinationArn': 'string',
'topic': 'string',
'key': 'string',
'partition': 'string',
'clientProperties': {
'string': 'string'
}
}
}
}
}
Response Structure
The output from the GetTopicRule operation.
The rule ARN.
The rule.
The name of the rule.
The SQL statement used to query the topic. When using a SQL query with multiple lines, be sure to escape the newline characters.
The description of the rule.
The date and time the rule was created.
The actions associated with the rule.
Describes the actions associated with a rule.
Write to a DynamoDB table.
The name of the DynamoDB table.
The ARN of the IAM role that grants access to the DynamoDB table.
The type of operation to be performed. This follows the substitution template, so it can be ${operation} , but the substitution must result in one of the following: INSERT , UPDATE , or DELETE .
The hash key name.
The hash key value.
The hash key type. Valid values are "STRING" or "NUMBER"
The range key name.
The range key value.
The range key type. Valid values are "STRING" or "NUMBER"
The action payload. This name can be customized.
Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.
The ARN of the IAM role that grants access to the DynamoDB table.
Specifies the DynamoDB table to which the message data will be written. For example:
{ "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role" "putItem": { "tableName": "my-table" } } }
Each attribute in the message payload will be written to a separate column in the DynamoDB database.
The table where the message data will be written.
Invoke a Lambda function.
The ARN of the Lambda function.
Publish to an Amazon SNS topic.
The ARN of the SNS topic.
The ARN of the IAM role that grants access.
(Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see https://docs.aws.amazon.com/sns/latest/dg/json-formats.html refer to their official documentation.
Publish to an Amazon SQS queue.
The ARN of the IAM role that grants access.
The URL of the Amazon SQS queue.
Specifies whether to use Base64 encoding.
Write data to an Amazon Kinesis stream.
The ARN of the IAM role that grants access to the Amazon Kinesis stream.
The name of the Amazon Kinesis stream.
The partition key.
Publish to another MQTT topic.
The ARN of the IAM role that grants access.
The name of the MQTT topic.
The Quality of Service (QoS) level to use when republishing messages. The default value is 0.
Write to an Amazon S3 bucket.
The ARN of the IAM role that grants access.
The Amazon S3 bucket.
The object key. For more information, see Actions, resources, and condition keys for Amazon S3 .
The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs .
Write to an Amazon Kinesis Firehose stream.
The IAM role that grants access to the Amazon Kinesis Firehose stream.
The delivery stream name.
A character separator that will be used to separate records written to the Firehose stream. Valid values are: 'n' (newline), 't' (tab), 'rn' (Windows newline), ',' (comma).
Whether to deliver the Kinesis Data Firehose stream as a batch by using ` PutRecordBatch https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html`__ . The default value is false .
When batchMode is true and the rule's SQL statement evaluates to an Array, each Array element forms one record in the ` PutRecordBatch https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html`__ request. The resulting array can't have more than 500 records.
Capture a CloudWatch metric.
The IAM role that allows access to the CloudWatch metric.
The CloudWatch metric namespace name.
The CloudWatch metric name.
The CloudWatch metric value.
The metric unit supported by CloudWatch.
An optional Unix timestamp .
Change the state of a CloudWatch alarm.
The IAM role that allows access to the CloudWatch alarm.
The CloudWatch alarm name.
The reason for the alarm change.
The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.
Send data to CloudWatch Logs.
The IAM role that allows access to the CloudWatch log.
The CloudWatch log group to which the action sends data.
Write data to an Amazon Elasticsearch Service domain.
The IAM role ARN that has access to Elasticsearch.
The endpoint of your Elasticsearch domain.
The Elasticsearch index where you want to store your data.
The type of document you are storing.
The unique identifier for the document you are storing.
Send a message to a Salesforce IoT Cloud Input Stream.
The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
Sends message data to an AWS IoT Analytics channel.
(deprecated) The ARN of the IoT Analytics channel to which message data will be sent.
The name of the IoT Analytics channel to which message data will be sent.
Whether to process the action as a batch. The default value is false .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is delivered as a separate message when passed by ` BatchPutMessage https://docs.aws.amazon.com/iotanalytics/latest/APIReference/API_BatchPutMessage.html`__ to the AWS IoT Analytics channel. The resulting array can't have more than 100 messages.
The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).
Sends an input to an AWS IoT Events detector.
The name of the AWS IoT Events input.
The ID of the message. The default messageId is a new UUID value.
When batchMode is true , you can't specify a messageId --a new UUID value will be assigned.
Assign a value to this property to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.
Whether to process the event actions as a batch. The default value is false .
When batchMode is true , you can't specify a messageId .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is treated as a separate message when it's sent to AWS IoT Events by calling ` BatchPutMessage https://docs.aws.amazon.com/iotevents/latest/apireference/API_iotevents-data_BatchPutMessage.html`__ . The resulting array can't have more than 10 messages.
The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector. ("Action":"iotevents:BatchPutMessage").
Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.
A list of asset property value entries.
An asset property value entry containing the following information.
Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.
The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
The ID of the asset's property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
A list of property values to insert that each contain timestamp, quality, and value (TQV) information.
An asset property value entry containing the following information.
The value of the asset property.
Optional. The string value of the value entry. Accepts substitution templates.
Optional. A string that contains the integer value of the value entry. Accepts substitution templates.
Optional. A string that contains the double value of the value entry. Accepts substitution templates.
Optional. A string that contains the boolean value (true or false ) of the value entry. Accepts substitution templates.
The asset property value timestamp.
A string that contains the time in seconds since epoch. Accepts substitution templates.
Optional. A string that contains the nanosecond time offset. Accepts substitution templates.
Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD , BAD , or UNCERTAIN .
The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoTSiteWise. ("Action": "iotsitewise:BatchPutAssetPropertyValue" ). The trust policy can restrict access to specific asset hierarchy paths.
Starts execution of a Step Functions state machine.
(Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.
The name of the Step Functions state machine whose execution will be started.
The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").
The Timestream rule action writes attributes (measures) from an MQTT message into an Amazon Timestream table. For more information, see the Timestream topic rule action documentation.
The ARN of the role that grants permission to write to the Amazon Timestream database table.
The name of an Amazon Timestream database.
The name of the database table into which to write the measure records.
Metadata attributes of the time series that are written in each measure record.
Metadata attributes of the time series that are written in each measure record.
The metadata dimension name. This is the name of the column in the Amazon Timestream database table record.
Dimensions cannot be named: measure_name , measure_value , or time . These names are reserved. Dimension names cannot start with ts_ or measure_value and they cannot contain the colon (: ) character.
The value to write in this column of the database record.
Specifies an application-defined value to replace the default value assigned to the Timestream record's timestamp in the time column.
You can use this property to specify the value and the precision of the Timestream record's timestamp. You can specify a value from the message payload or a value computed by a substitution template.
If omitted, the topic rule action assigns the timestamp, in milliseconds, at the time it processed the rule.
An expression that returns a long epoch time value.
The precision of the timestamp value that results from the expression described in value .
Valid values: SECONDS | MILLISECONDS | MICROSECONDS | NANOSECONDS . The default is MILLISECONDS .
Send data to an HTTPS endpoint.
The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl . If this is a new destination, a new TopicRuleDestination is created if possible.
The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.
The HTTP headers to send with the message data.
The HTTP action header.
The HTTP header key.
The HTTP header value. Substitution templates are supported.
The authentication method to use when sending data to an HTTPS endpoint.
Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process .
The signing region.
The service name to use while signing with Sig V4.
The ARN of the signing role.
Send messages to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) or self-managed Apache Kafka cluster.
The ARN of Kafka action's VPC TopicRuleDestination .
The Kafka topic for messages to be sent to the Kafka broker.
The Kafka message key.
The Kafka message partition.
Properties of the Apache Kafka producer client.
Specifies whether the rule is disabled.
The version of the SQL rules engine to use when evaluating the rule.
The action to perform when an error occurs.
Write to a DynamoDB table.
The name of the DynamoDB table.
The ARN of the IAM role that grants access to the DynamoDB table.
The type of operation to be performed. This follows the substitution template, so it can be ${operation} , but the substitution must result in one of the following: INSERT , UPDATE , or DELETE .
The hash key name.
The hash key value.
The hash key type. Valid values are "STRING" or "NUMBER"
The range key name.
The range key value.
The range key type. Valid values are "STRING" or "NUMBER"
The action payload. This name can be customized.
Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.
The ARN of the IAM role that grants access to the DynamoDB table.
Specifies the DynamoDB table to which the message data will be written. For example:
{ "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role" "putItem": { "tableName": "my-table" } } }
Each attribute in the message payload will be written to a separate column in the DynamoDB database.
The table where the message data will be written.
Invoke a Lambda function.
The ARN of the Lambda function.
Publish to an Amazon SNS topic.
The ARN of the SNS topic.
The ARN of the IAM role that grants access.
(Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see https://docs.aws.amazon.com/sns/latest/dg/json-formats.html refer to their official documentation.
Publish to an Amazon SQS queue.
The ARN of the IAM role that grants access.
The URL of the Amazon SQS queue.
Specifies whether to use Base64 encoding.
Write data to an Amazon Kinesis stream.
The ARN of the IAM role that grants access to the Amazon Kinesis stream.
The name of the Amazon Kinesis stream.
The partition key.
Publish to another MQTT topic.
The ARN of the IAM role that grants access.
The name of the MQTT topic.
The Quality of Service (QoS) level to use when republishing messages. The default value is 0.
Write to an Amazon S3 bucket.
The ARN of the IAM role that grants access.
The Amazon S3 bucket.
The object key. For more information, see Actions, resources, and condition keys for Amazon S3 .
The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs .
Write to an Amazon Kinesis Firehose stream.
The IAM role that grants access to the Amazon Kinesis Firehose stream.
The delivery stream name.
A character separator that will be used to separate records written to the Firehose stream. Valid values are: 'n' (newline), 't' (tab), 'rn' (Windows newline), ',' (comma).
Whether to deliver the Kinesis Data Firehose stream as a batch by using ` PutRecordBatch https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html`__ . The default value is false .
When batchMode is true and the rule's SQL statement evaluates to an Array, each Array element forms one record in the ` PutRecordBatch https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html`__ request. The resulting array can't have more than 500 records.
Capture a CloudWatch metric.
The IAM role that allows access to the CloudWatch metric.
The CloudWatch metric namespace name.
The CloudWatch metric name.
The CloudWatch metric value.
The metric unit supported by CloudWatch.
An optional Unix timestamp .
Change the state of a CloudWatch alarm.
The IAM role that allows access to the CloudWatch alarm.
The CloudWatch alarm name.
The reason for the alarm change.
The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.
Send data to CloudWatch Logs.
The IAM role that allows access to the CloudWatch log.
The CloudWatch log group to which the action sends data.
Write data to an Amazon Elasticsearch Service domain.
The IAM role ARN that has access to Elasticsearch.
The endpoint of your Elasticsearch domain.
The Elasticsearch index where you want to store your data.
The type of document you are storing.
The unique identifier for the document you are storing.
Send a message to a Salesforce IoT Cloud Input Stream.
The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
Sends message data to an AWS IoT Analytics channel.
(deprecated) The ARN of the IoT Analytics channel to which message data will be sent.
The name of the IoT Analytics channel to which message data will be sent.
Whether to process the action as a batch. The default value is false .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is delivered as a separate message when passed by ` BatchPutMessage https://docs.aws.amazon.com/iotanalytics/latest/APIReference/API_BatchPutMessage.html`__ to the AWS IoT Analytics channel. The resulting array can't have more than 100 messages.
The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).
Sends an input to an AWS IoT Events detector.
The name of the AWS IoT Events input.
The ID of the message. The default messageId is a new UUID value.
When batchMode is true , you can't specify a messageId --a new UUID value will be assigned.
Assign a value to this property to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.
Whether to process the event actions as a batch. The default value is false .
When batchMode is true , you can't specify a messageId .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is treated as a separate message when it's sent to AWS IoT Events by calling ` BatchPutMessage https://docs.aws.amazon.com/iotevents/latest/apireference/API_iotevents-data_BatchPutMessage.html`__ . The resulting array can't have more than 10 messages.
The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector. ("Action":"iotevents:BatchPutMessage").
Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.
A list of asset property value entries.
An asset property value entry containing the following information.
Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.
The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
The ID of the asset's property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
A list of property values to insert that each contain timestamp, quality, and value (TQV) information.
An asset property value entry containing the following information.
The value of the asset property.
Optional. The string value of the value entry. Accepts substitution templates.
Optional. A string that contains the integer value of the value entry. Accepts substitution templates.
Optional. A string that contains the double value of the value entry. Accepts substitution templates.
Optional. A string that contains the boolean value (true or false ) of the value entry. Accepts substitution templates.
The asset property value timestamp.
A string that contains the time in seconds since epoch. Accepts substitution templates.
Optional. A string that contains the nanosecond time offset. Accepts substitution templates.
Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD , BAD , or UNCERTAIN .
The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoTSiteWise. ("Action": "iotsitewise:BatchPutAssetPropertyValue" ). The trust policy can restrict access to specific asset hierarchy paths.
Starts execution of a Step Functions state machine.
(Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.
The name of the Step Functions state machine whose execution will be started.
The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").
The Timestream rule action writes attributes (measures) from an MQTT message into an Amazon Timestream table. For more information, see the Timestream topic rule action documentation.
The ARN of the role that grants permission to write to the Amazon Timestream database table.
The name of an Amazon Timestream database.
The name of the database table into which to write the measure records.
Metadata attributes of the time series that are written in each measure record.
Metadata attributes of the time series that are written in each measure record.
The metadata dimension name. This is the name of the column in the Amazon Timestream database table record.
Dimensions cannot be named: measure_name , measure_value , or time . These names are reserved. Dimension names cannot start with ts_ or measure_value and they cannot contain the colon (: ) character.
The value to write in this column of the database record.
Specifies an application-defined value to replace the default value assigned to the Timestream record's timestamp in the time column.
You can use this property to specify the value and the precision of the Timestream record's timestamp. You can specify a value from the message payload or a value computed by a substitution template.
If omitted, the topic rule action assigns the timestamp, in milliseconds, at the time it processed the rule.
An expression that returns a long epoch time value.
The precision of the timestamp value that results from the expression described in value .
Valid values: SECONDS | MILLISECONDS | MICROSECONDS | NANOSECONDS . The default is MILLISECONDS .
Send data to an HTTPS endpoint.
The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl . If this is a new destination, a new TopicRuleDestination is created if possible.
The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.
The HTTP headers to send with the message data.
The HTTP action header.
The HTTP header key.
The HTTP header value. Substitution templates are supported.
The authentication method to use when sending data to an HTTPS endpoint.
Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process .
The signing region.
The service name to use while signing with Sig V4.
The ARN of the signing role.
Send messages to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) or self-managed Apache Kafka cluster.
The ARN of Kafka action's VPC TopicRuleDestination .
The Kafka topic for messages to be sent to the Kafka broker.
The Kafka message key.
The Kafka message partition.
Properties of the Apache Kafka producer client.
Exceptions
Gets information about a topic rule destination.
See also: AWS API Documentation
Request Syntax
response = client.get_topic_rule_destination(
arn='string'
)
[REQUIRED]
The ARN of the topic rule destination.
{
'topicRuleDestination': {
'arn': 'string',
'status': 'ENABLED'|'IN_PROGRESS'|'DISABLED'|'ERROR'|'DELETING',
'createdAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1),
'statusReason': 'string',
'httpUrlProperties': {
'confirmationUrl': 'string'
},
'vpcProperties': {
'subnetIds': [
'string',
],
'securityGroups': [
'string',
],
'vpcId': 'string',
'roleArn': 'string'
}
}
}
Response Structure
The topic rule destination.
The topic rule destination URL.
The status of the topic rule destination. Valid values are:
IN_PROGRESS
A topic rule destination was created but has not been confirmed. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
ENABLED
Confirmation was completed, and traffic to this destination is allowed. You can set status to DISABLED by calling UpdateTopicRuleDestination .
DISABLED
Confirmation was completed, and traffic to this destination is not allowed. You can set status to ENABLED by calling UpdateTopicRuleDestination .
ERROR
Confirmation could not be completed, for example if the confirmation timed out. You can call GetTopicRuleDestination for details about the error. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
The date and time when the topic rule destination was created.
The date and time when the topic rule destination was last updated.
Additional details or reason why the topic rule destination is in the current status.
Properties of the HTTP URL.
The URL used to confirm the HTTP topic rule destination URL.
Properties of the virtual private cloud (VPC) connection.
The subnet IDs of the VPC destination.
The security groups of the VPC destination.
The ID of the VPC.
The ARN of a role that has permission to create and attach to elastic network interfaces (ENIs).
Exceptions
Gets the fine grained logging options.
See also: AWS API Documentation
Request Syntax
response = client.get_v2_logging_options()
{
'roleArn': 'string',
'defaultLogLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED',
'disableAllLogs': True|False
}
Response Structure
The IAM role ARN AWS IoT uses to write to your CloudWatch logs.
The default log level.
Disables all logs.
Exceptions
Returns an object that can wait for some condition.
Lists the active violations for a given Device Defender security profile.
See also: AWS API Documentation
Request Syntax
response = client.list_active_violations(
thingName='string',
securityProfileName='string',
behaviorCriteriaType='STATIC'|'STATISTICAL'|'MACHINE_LEARNING',
listSuppressedAlerts=True|False,
nextToken='string',
maxResults=123
)
dict
Response Syntax
{
'activeViolations': [
{
'violationId': 'string',
'thingName': 'string',
'securityProfileName': 'string',
'behavior': {
'name': 'string',
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
},
'criteria': {
'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set'|'in-set'|'not-in-set',
'value': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'durationSeconds': 123,
'consecutiveDatapointsToAlarm': 123,
'consecutiveDatapointsToClear': 123,
'statisticalThreshold': {
'statistic': 'string'
},
'mlDetectionConfig': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
}
},
'suppressAlerts': True|False
},
'lastViolationValue': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'violationEventAdditionalInfo': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
},
'lastViolationTime': datetime(2015, 1, 1),
'violationStartTime': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
activeViolations (list) --
The list of active violations.
(dict) --
Information about an active Device Defender security profile behavior violation.
violationId (string) --
The ID of the active violation.
thingName (string) --
The name of the thing responsible for the active violation.
securityProfileName (string) --
The security profile with the behavior is in violation.
behavior (dict) --
The behavior that is being violated.
name (string) --
The name you've given to the behavior.
metric (string) --
What is measured by the behavior.
metricDimension (dict) --
The dimension for a metric in your behavior. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. This can't be used with custom metrics.
dimensionName (string) --
A unique identifier for the dimension.
operator (string) --
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
criteria (dict) --
The criteria that determine if a device is behaving normally in regard to the metric .
comparisonOperator (string) --
The operator that relates the thing measured (metric ) to the criteria (containing a value or statisticalThreshold ). Valid operators include:
value (dict) --
The value to be compared with the metric .
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
strings (list) --
The string values of a metric.
durationSeconds (integer) --
Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, NUM_MESSAGES_SENT ). For a statisticalThreshhold metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes.
consecutiveDatapointsToAlarm (integer) --
If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.
consecutiveDatapointsToClear (integer) --
If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.
statisticalThreshold (dict) --
A statistical ranking (percentile)that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior.
statistic (string) --
The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period (durationSeconds ) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below (comparisonOperator ) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs.
mlDetectionConfig (dict) --
The configuration of an ML Detect
confidenceLevel (string) --
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
suppressAlerts (boolean) --
Suppresses alerts.
lastViolationValue (dict) --
The value of the metric (the measurement) that caused the most recent violation.
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
strings (list) --
The string values of a metric.
violationEventAdditionalInfo (dict) --
The details of a violation event.
confidenceLevel (string) --
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
lastViolationTime (datetime) --
The time the most recent violation occurred.
violationStartTime (datetime) --
The time the violation started.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Exceptions
Lists the policies attached to the specified thing group.
See also: AWS API Documentation
Request Syntax
response = client.list_attached_policies(
target='string',
recursive=True|False,
marker='string',
pageSize=123
)
[REQUIRED]
The group or principal for which the policies will be listed. Valid principals are CertificateArn (arn:aws:iot:region :accountId :cert/certificateId ), thingGroupArn (arn:aws:iot:region :accountId :thinggroup/groupName ) and CognitoId (region :id ).
dict
Response Syntax
{
'policies': [
{
'policyName': 'string',
'policyArn': 'string'
},
],
'nextMarker': 'string'
}
Response Structure
(dict) --
policies (list) --
The policies.
(dict) --
Describes an AWS IoT policy.
policyName (string) --
The policy name.
policyArn (string) --
The policy ARN.
nextMarker (string) --
The token to retrieve the next set of results, or null if there are no more results.
Exceptions
Lists the findings (results) of a Device Defender audit or of the audits performed during a specified time period. (Findings are retained for 90 days.)
See also: AWS API Documentation
Request Syntax
response = client.list_audit_findings(
taskId='string',
checkName='string',
resourceIdentifier={
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string'
},
maxResults=123,
nextToken='string',
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1),
listSuppressedFindings=True|False
)
Information identifying the noncompliant resource.
The ID of the certificate attached to the resource.
The ID of the CA certificate used to authorize the certificate.
The ID of the Amazon Cognito identity pool.
The client ID.
The version of the policy associated with the resource.
The name of the policy.
The ID of the version of the policy associated with the resource.
The account with which the resource is associated.
The ARN of the IAM role that has overly permissive actions.
The ARN of the role alias that has overly permissive actions.
dict
Response Syntax
{
'findings': [
{
'findingId': 'string',
'taskId': 'string',
'checkName': 'string',
'taskStartTime': datetime(2015, 1, 1),
'findingTime': datetime(2015, 1, 1),
'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW',
'nonCompliantResource': {
'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE',
'resourceIdentifier': {
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string'
},
'additionalInfo': {
'string': 'string'
}
},
'relatedResources': [
{
'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE',
'resourceIdentifier': {
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string'
},
'additionalInfo': {
'string': 'string'
}
},
],
'reasonForNonCompliance': 'string',
'reasonForNonComplianceCode': 'string',
'isSuppressed': True|False
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
findings (list) --
The findings (results) of the audit.
(dict) --
The findings (results) of the audit.
findingId (string) --
A unique identifier for this set of audit findings. This identifier is used to apply mitigation tasks to one or more sets of findings.
taskId (string) --
The ID of the audit that generated this result (finding).
checkName (string) --
The audit check that generated this result.
taskStartTime (datetime) --
The time the audit started.
findingTime (datetime) --
The time the result (finding) was discovered.
severity (string) --
The severity of the result (finding).
nonCompliantResource (dict) --
The resource that was found to be noncompliant with the audit check.
resourceType (string) --
The type of the noncompliant resource.
resourceIdentifier (dict) --
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
additionalInfo (dict) --
Other information about the noncompliant resource.
relatedResources (list) --
The list of related resources.
(dict) --
Information about a related resource.
resourceType (string) --
The type of resource.
resourceIdentifier (dict) --
Information that identifies the resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
additionalInfo (dict) --
Other information about the resource.
reasonForNonCompliance (string) --
The reason the resource was noncompliant.
reasonForNonComplianceCode (string) --
A code that indicates the reason that the resource was noncompliant.
isSuppressed (boolean) --
Indicates whether the audit finding was suppressed or not during reporting.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Exceptions
Gets the status of audit mitigation action tasks that were executed.
See also: AWS API Documentation
Request Syntax
response = client.list_audit_mitigation_actions_executions(
taskId='string',
actionStatus='IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED'|'SKIPPED'|'PENDING',
findingId='string',
maxResults=123,
nextToken='string'
)
[REQUIRED]
Specify this filter to limit results to actions for a specific audit mitigation actions task.
[REQUIRED]
Specify this filter to limit results to those that were applied to a specific audit finding.
dict
Response Syntax
{
'actionsExecutions': [
{
'taskId': 'string',
'findingId': 'string',
'actionName': 'string',
'actionId': 'string',
'status': 'IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED'|'SKIPPED'|'PENDING',
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'errorCode': 'string',
'message': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
actionsExecutions (list) --
A set of task execution results based on the input parameters. Details include the mitigation action applied, start time, and task status.
(dict) --
Returned by ListAuditMitigationActionsTask, this object contains information that describes a mitigation action that has been started.
taskId (string) --
The unique identifier for the task that applies the mitigation action.
findingId (string) --
The unique identifier for the findings to which the task and associated mitigation action are applied.
actionName (string) --
The friendly name of the mitigation action being applied by the task.
actionId (string) --
The unique identifier for the mitigation action being applied by the task.
status (string) --
The current status of the task being executed.
startTime (datetime) --
The date and time when the task was started.
endTime (datetime) --
The date and time when the task was completed or canceled. Blank if the task is still running.
errorCode (string) --
If an error occurred, the code that indicates which type of error occurred.
message (string) --
If an error occurred, a message that describes the error.
nextToken (string) --
The token for the next set of results.
Exceptions
Gets a list of audit mitigation action tasks that match the specified filters.
See also: AWS API Documentation
Request Syntax
response = client.list_audit_mitigation_actions_tasks(
auditTaskId='string',
findingId='string',
taskStatus='IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED',
maxResults=123,
nextToken='string',
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1)
)
[REQUIRED]
Specify this filter to limit results to tasks that began on or after a specific date and time.
[REQUIRED]
Specify this filter to limit results to tasks that were completed or canceled on or before a specific date and time.
dict
Response Syntax
{
'tasks': [
{
'taskId': 'string',
'startTime': datetime(2015, 1, 1),
'taskStatus': 'IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
tasks (list) --
The collection of audit mitigation tasks that matched the filter criteria.
(dict) --
Information about an audit mitigation actions task that is returned by ListAuditMitigationActionsTasks .
taskId (string) --
The unique identifier for the task.
startTime (datetime) --
The time at which the audit mitigation actions task was started.
taskStatus (string) --
The current state of the audit mitigation actions task.
nextToken (string) --
The token for the next set of results.
Exceptions
Lists your Device Defender audit listings.
See also: AWS API Documentation
Request Syntax
response = client.list_audit_suppressions(
checkName='string',
resourceIdentifier={
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string'
},
ascendingOrder=True|False,
nextToken='string',
maxResults=123
)
Information that identifies the noncompliant resource.
The ID of the certificate attached to the resource.
The ID of the CA certificate used to authorize the certificate.
The ID of the Amazon Cognito identity pool.
The client ID.
The version of the policy associated with the resource.
The name of the policy.
The ID of the version of the policy associated with the resource.
The account with which the resource is associated.
The ARN of the IAM role that has overly permissive actions.
The ARN of the role alias that has overly permissive actions.
dict
Response Syntax
{
'suppressions': [
{
'checkName': 'string',
'resourceIdentifier': {
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string'
},
'expirationDate': datetime(2015, 1, 1),
'suppressIndefinitely': True|False,
'description': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
suppressions (list) --
List of audit suppressions.
(dict) --
Filters out specific findings of a Device Defender audit.
checkName (string) --
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
resourceIdentifier (dict) --
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
expirationDate (datetime) --
The expiration date (epoch timestamp in seconds) that you want the suppression to adhere to.
suppressIndefinitely (boolean) --
Indicates whether a suppression should exist indefinitely or not.
description (string) --
The description of the audit suppression.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Exceptions
Lists the Device Defender audits that have been performed during a given time period.
See also: AWS API Documentation
Request Syntax
response = client.list_audit_tasks(
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1),
taskType='ON_DEMAND_AUDIT_TASK'|'SCHEDULED_AUDIT_TASK',
taskStatus='IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED',
nextToken='string',
maxResults=123
)
[REQUIRED]
The beginning of the time period. Audit information is retained for a limited time (90 days). Requesting a start time prior to what is retained results in an "InvalidRequestException".
[REQUIRED]
The end of the time period.
dict
Response Syntax
{
'tasks': [
{
'taskId': 'string',
'taskStatus': 'IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED',
'taskType': 'ON_DEMAND_AUDIT_TASK'|'SCHEDULED_AUDIT_TASK'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
tasks (list) --
The audits that were performed during the specified time period.
(dict) --
The audits that were performed.
taskId (string) --
The ID of this audit.
taskStatus (string) --
The status of this audit. One of "IN_PROGRESS", "COMPLETED", "FAILED", or "CANCELED".
taskType (string) --
The type of this audit. One of "ON_DEMAND_AUDIT_TASK" or "SCHEDULED_AUDIT_TASK".
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Exceptions
Lists the authorizers registered in your account.
See also: AWS API Documentation
Request Syntax
response = client.list_authorizers(
pageSize=123,
marker='string',
ascendingOrder=True|False,
status='ACTIVE'|'INACTIVE'
)
dict
Response Syntax
{
'authorizers': [
{
'authorizerName': 'string',
'authorizerArn': 'string'
},
],
'nextMarker': 'string'
}
Response Structure
(dict) --
authorizers (list) --
The authorizers.
(dict) --
The authorizer summary.
authorizerName (string) --
The authorizer name.
authorizerArn (string) --
The authorizer ARN.
nextMarker (string) --
A marker used to get the next set of results.
Exceptions
Lists the billing groups you have created.
See also: AWS API Documentation
Request Syntax
response = client.list_billing_groups(
nextToken='string',
maxResults=123,
namePrefixFilter='string'
)
dict
Response Syntax
{
'billingGroups': [
{
'groupName': 'string',
'groupArn': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
billingGroups (list) --
The list of billing groups.
(dict) --
The name and ARN of a group.
groupName (string) --
The group name.
groupArn (string) --
The group ARN.
nextToken (string) --
The token to use to get the next set of results, or null if there are no additional results.
Exceptions
Lists the CA certificates registered for your AWS account.
The results are paginated with a default page size of 25. You can use the returned marker to retrieve additional results.
See also: AWS API Documentation
Request Syntax
response = client.list_ca_certificates(
pageSize=123,
marker='string',
ascendingOrder=True|False
)
dict
Response Syntax
{
'certificates': [
{
'certificateArn': 'string',
'certificateId': 'string',
'status': 'ACTIVE'|'INACTIVE',
'creationDate': datetime(2015, 1, 1)
},
],
'nextMarker': 'string'
}
Response Structure
(dict) --
The output from the ListCACertificates operation.
certificates (list) --
The CA certificates registered in your AWS account.
(dict) --
A CA certificate.
certificateArn (string) --
The ARN of the CA certificate.
certificateId (string) --
The ID of the CA certificate.
status (string) --
The status of the CA certificate.
The status value REGISTER_INACTIVE is deprecated and should not be used.
creationDate (datetime) --
The date the CA certificate was created.
nextMarker (string) --
The current position within the list of CA certificates.
Exceptions
Lists the certificates registered in your AWS account.
The results are paginated with a default page size of 25. You can use the returned marker to retrieve additional results.
See also: AWS API Documentation
Request Syntax
response = client.list_certificates(
pageSize=123,
marker='string',
ascendingOrder=True|False
)
dict
Response Syntax
{
'certificates': [
{
'certificateArn': 'string',
'certificateId': 'string',
'status': 'ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION',
'certificateMode': 'DEFAULT'|'SNI_ONLY',
'creationDate': datetime(2015, 1, 1)
},
],
'nextMarker': 'string'
}
Response Structure
(dict) --
The output of the ListCertificates operation.
certificates (list) --
The descriptions of the certificates.
(dict) --
Information about a certificate.
certificateArn (string) --
The ARN of the certificate.
certificateId (string) --
The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)
status (string) --
The status of the certificate.
The status value REGISTER_INACTIVE is deprecated and should not be used.
certificateMode (string) --
The mode of the certificate.
creationDate (datetime) --
The date and time the certificate was created.
nextMarker (string) --
The marker for the next set of results, or null if there are no additional results.
Exceptions
List the device certificates signed by the specified CA certificate.
See also: AWS API Documentation
Request Syntax
response = client.list_certificates_by_ca(
caCertificateId='string',
pageSize=123,
marker='string',
ascendingOrder=True|False
)
[REQUIRED]
The ID of the CA certificate. This operation will list all registered device certificate that were signed by this CA certificate.
dict
Response Syntax
{
'certificates': [
{
'certificateArn': 'string',
'certificateId': 'string',
'status': 'ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION',
'certificateMode': 'DEFAULT'|'SNI_ONLY',
'creationDate': datetime(2015, 1, 1)
},
],
'nextMarker': 'string'
}
Response Structure
(dict) --
The output of the ListCertificatesByCA operation.
certificates (list) --
The device certificates signed by the specified CA certificate.
(dict) --
Information about a certificate.
certificateArn (string) --
The ARN of the certificate.
certificateId (string) --
The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)
status (string) --
The status of the certificate.
The status value REGISTER_INACTIVE is deprecated and should not be used.
certificateMode (string) --
The mode of the certificate.
creationDate (datetime) --
The date and time the certificate was created.
nextMarker (string) --
The marker for the next set of results, or null if there are no additional results.
Exceptions
Lists your Device Defender detect custom metrics.
See also: AWS API Documentation
Request Syntax
response = client.list_custom_metrics(
nextToken='string',
maxResults=123
)
dict
Response Syntax
{
'metricNames': [
'string',
],
'nextToken': 'string'
}
Response Structure
(dict) --
metricNames (list) --
The name of the custom metric.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Exceptions
Lists mitigation actions executions for a Device Defender ML Detect Security Profile.
See also: AWS API Documentation
Request Syntax
response = client.list_detect_mitigation_actions_executions(
taskId='string',
violationId='string',
thingName='string',
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1),
maxResults=123,
nextToken='string'
)
dict
Response Syntax
{
'actionsExecutions': [
{
'taskId': 'string',
'violationId': 'string',
'actionName': 'string',
'thingName': 'string',
'executionStartDate': datetime(2015, 1, 1),
'executionEndDate': datetime(2015, 1, 1),
'status': 'IN_PROGRESS'|'SUCCESSFUL'|'FAILED'|'SKIPPED',
'errorCode': 'string',
'message': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
actionsExecutions (list) --
List of actions executions.
(dict) --
Describes which mitigation actions should be executed.
taskId (string) --
The unique identifier of the task.
violationId (string) --
The unique identifier of the violation.
actionName (string) --
The friendly name that uniquely identifies the mitigation action.
thingName (string) --
The name of the thing.
executionStartDate (datetime) --
The date a mitigation action was started.
executionEndDate (datetime) --
The date a mitigation action ended.
status (string) --
The status of a mitigation action.
errorCode (string) --
The error code of a mitigation action.
message (string) --
The message of a mitigation action.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Exceptions
List of Device Defender ML Detect mitigation actions tasks.
See also: AWS API Documentation
Request Syntax
response = client.list_detect_mitigation_actions_tasks(
maxResults=123,
nextToken='string',
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1)
)
[REQUIRED]
A filter to limit results to those found after the specified time. You must specify either the startTime and endTime or the taskId, but not both.
[REQUIRED]
The end of the time period for which ML Detect mitigation actions tasks are returned.
dict
Response Syntax
{
'tasks': [
{
'taskId': 'string',
'taskStatus': 'IN_PROGRESS'|'SUCCESSFUL'|'FAILED'|'CANCELED',
'taskStartTime': datetime(2015, 1, 1),
'taskEndTime': datetime(2015, 1, 1),
'target': {
'violationIds': [
'string',
],
'securityProfileName': 'string',
'behaviorName': 'string'
},
'violationEventOccurrenceRange': {
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1)
},
'onlyActiveViolationsIncluded': True|False,
'suppressedAlertsIncluded': True|False,
'actionsDefinition': [
{
'name': 'string',
'id': 'string',
'roleArn': 'string',
'actionParams': {
'updateDeviceCertificateParams': {
'action': 'DEACTIVATE'
},
'updateCACertificateParams': {
'action': 'DEACTIVATE'
},
'addThingsToThingGroupParams': {
'thingGroupNames': [
'string',
],
'overrideDynamicGroups': True|False
},
'replaceDefaultPolicyVersionParams': {
'templateName': 'BLANK_POLICY'
},
'enableIoTLoggingParams': {
'roleArnForLogging': 'string',
'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
},
'publishFindingToSnsParams': {
'topicArn': 'string'
}
}
},
],
'taskStatistics': {
'actionsExecuted': 123,
'actionsSkipped': 123,
'actionsFailed': 123
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
tasks (list) --
The collection of ML Detect mitigation tasks that matched the filter criteria.
(dict) --
The summary of the mitigation action tasks.
taskId (string) --
The unique identifier of the task.
taskStatus (string) --
The status of the task.
taskStartTime (datetime) --
The date the task started.
taskEndTime (datetime) --
The date the task ended.
target (dict) --
Specifies the ML Detect findings to which the mitigation actions are applied.
violationIds (list) --
The unique identifiers of the violations.
securityProfileName (string) --
The name of the security profile.
behaviorName (string) --
The name of the behavior.
violationEventOccurrenceRange (dict) --
Specifies the time period of which violation events occurred between.
startTime (datetime) --
The start date and time of a time period in which violation events occurred.
endTime (datetime) --
The end date and time of a time period in which violation events occurred.
onlyActiveViolationsIncluded (boolean) --
Includes only active violations.
suppressedAlertsIncluded (boolean) --
Includes suppressed alerts.
actionsDefinition (list) --
The definition of the actions.
(dict) --
Describes which changes should be applied as part of a mitigation action.
name (string) --
A user-friendly name for the mitigation action.
id (string) --
A unique identifier for the mitigation action.
roleArn (string) --
The IAM role ARN used to apply this mitigation action.
actionParams (dict) --
The set of parameters for this mitigation action. The parameters vary, depending on the kind of action you apply.
updateDeviceCertificateParams (dict) --
Parameters to define a mitigation action that changes the state of the device certificate to inactive.
action (string) --
The action that you want to apply to the device certificate. The only supported value is DEACTIVATE .
updateCACertificateParams (dict) --
Parameters to define a mitigation action that changes the state of the CA certificate to inactive.
action (string) --
The action that you want to apply to the CA certificate. The only supported value is DEACTIVATE .
addThingsToThingGroupParams (dict) --
Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.
thingGroupNames (list) --
The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you can't add a thing to more than one group in the same hierarchy.
overrideDynamicGroups (boolean) --
Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.
replaceDefaultPolicyVersionParams (dict) --
Parameters to define a mitigation action that adds a blank policy to restrict permissions.
templateName (string) --
The name of the template to be applied. The only supported value is BLANK_POLICY .
enableIoTLoggingParams (dict) --
Parameters to define a mitigation action that enables AWS IoT logging at a specified level of detail.
roleArnForLogging (string) --
The Amazon Resource Name (ARN) of the IAM role used for logging.
logLevel (string) --
Specifies the type of information to be logged.
publishFindingToSnsParams (dict) --
Parameters to define a mitigation action that publishes findings to Amazon Simple Notification Service (Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.
topicArn (string) --
The ARN of the topic to which you want to publish the findings.
taskStatistics (dict) --
The statistics of a mitigation action task.
actionsExecuted (integer) --
The actions that were performed.
actionsSkipped (integer) --
The actions that were skipped.
actionsFailed (integer) --
The actions that failed.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Exceptions
List the set of dimensions that are defined for your AWS account.
See also: AWS API Documentation
Request Syntax
response = client.list_dimensions(
nextToken='string',
maxResults=123
)
dict
Response Syntax
{
'dimensionNames': [
'string',
],
'nextToken': 'string'
}
Response Structure
(dict) --
dimensionNames (list) --
A list of the names of the defined dimensions. Use DescribeDimension to get details for a dimension.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Exceptions
Gets a list of domain configurations for the user. This list is sorted alphabetically by domain configuration name.
See also: AWS API Documentation
Request Syntax
response = client.list_domain_configurations(
marker='string',
pageSize=123,
serviceType='DATA'|'CREDENTIAL_PROVIDER'|'JOBS'
)
dict
Response Syntax
{
'domainConfigurations': [
{
'domainConfigurationName': 'string',
'domainConfigurationArn': 'string',
'serviceType': 'DATA'|'CREDENTIAL_PROVIDER'|'JOBS'
},
],
'nextMarker': 'string'
}
Response Structure
(dict) --
domainConfigurations (list) --
A list of objects that contain summary information about the user's domain configurations.
(dict) --
The summary of a domain configuration. A domain configuration specifies custom IoT-specific information about a domain. A domain configuration can be associated with an AWS-managed domain (for example, dbc123defghijk.iot.us-west-2.amazonaws.com), a customer managed domain, or a default endpoint.
domainConfigurationName (string) --
The name of the domain configuration. This value must be unique to a region.
domainConfigurationArn (string) --
The ARN of the domain configuration.
serviceType (string) --
The type of service delivered by the endpoint.
nextMarker (string) --
The marker for the next set of results.
Exceptions
Lists the search indices.
See also: AWS API Documentation
Request Syntax
response = client.list_indices(
nextToken='string',
maxResults=123
)
dict
Response Syntax
{
'indexNames': [
'string',
],
'nextToken': 'string'
}
Response Structure
(dict) --
indexNames (list) --
The index names.
nextToken (string) --
The token used to get the next set of results, or null if there are no additional results.
Exceptions
Lists the job executions for a job.
See also: AWS API Documentation
Request Syntax
response = client.list_job_executions_for_job(
jobId='string',
status='QUEUED'|'IN_PROGRESS'|'SUCCEEDED'|'FAILED'|'TIMED_OUT'|'REJECTED'|'REMOVED'|'CANCELED',
maxResults=123,
nextToken='string'
)
[REQUIRED]
The unique identifier you assigned to this job when it was created.
dict
Response Syntax
{
'executionSummaries': [
{
'thingArn': 'string',
'jobExecutionSummary': {
'status': 'QUEUED'|'IN_PROGRESS'|'SUCCEEDED'|'FAILED'|'TIMED_OUT'|'REJECTED'|'REMOVED'|'CANCELED',
'queuedAt': datetime(2015, 1, 1),
'startedAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1),
'executionNumber': 123
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
executionSummaries (list) --
A list of job execution summaries.
(dict) --
Contains a summary of information about job executions for a specific job.
thingArn (string) --
The ARN of the thing on which the job execution is running.
jobExecutionSummary (dict) --
Contains a subset of information about a job execution.
status (string) --
The status of the job execution.
queuedAt (datetime) --
The time, in seconds since the epoch, when the job execution was queued.
startedAt (datetime) --
The time, in seconds since the epoch, when the job execution started.
lastUpdatedAt (datetime) --
The time, in seconds since the epoch, when the job execution was last updated.
executionNumber (integer) --
A string (consisting of the digits "0" through "9") which identifies this particular job execution on this particular device. It can be used later in commands which return or update job execution information.
nextToken (string) --
The token for the next set of results, or null if there are no additional results.
Exceptions
Lists the job executions for the specified thing.
See also: AWS API Documentation
Request Syntax
response = client.list_job_executions_for_thing(
thingName='string',
status='QUEUED'|'IN_PROGRESS'|'SUCCEEDED'|'FAILED'|'TIMED_OUT'|'REJECTED'|'REMOVED'|'CANCELED',
namespaceId='string',
maxResults=123,
nextToken='string'
)
[REQUIRED]
The thing name.
The namespace used to indicate that a job is a customer-managed job.
When you specify a value for this parameter, AWS IoT Core sends jobs notifications to MQTT topics that contain the value in the following format.
$aws/things/*THING_NAME* /jobs/*JOB_ID* /notify-namespace-*NAMESPACE_ID* /
Note
The namespaceId feature is in public preview.
dict
Response Syntax
{
'executionSummaries': [
{
'jobId': 'string',
'jobExecutionSummary': {
'status': 'QUEUED'|'IN_PROGRESS'|'SUCCEEDED'|'FAILED'|'TIMED_OUT'|'REJECTED'|'REMOVED'|'CANCELED',
'queuedAt': datetime(2015, 1, 1),
'startedAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1),
'executionNumber': 123
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
executionSummaries (list) --
A list of job execution summaries.
(dict) --
The job execution summary for a thing.
jobId (string) --
The unique identifier you assigned to this job when it was created.
jobExecutionSummary (dict) --
Contains a subset of information about a job execution.
status (string) --
The status of the job execution.
queuedAt (datetime) --
The time, in seconds since the epoch, when the job execution was queued.
startedAt (datetime) --
The time, in seconds since the epoch, when the job execution started.
lastUpdatedAt (datetime) --
The time, in seconds since the epoch, when the job execution was last updated.
executionNumber (integer) --
A string (consisting of the digits "0" through "9") which identifies this particular job execution on this particular device. It can be used later in commands which return or update job execution information.
nextToken (string) --
The token for the next set of results, or null if there are no additional results.
Exceptions
Returns a list of job templates.
See also: AWS API Documentation
Request Syntax
response = client.list_job_templates(
maxResults=123,
nextToken='string'
)
dict
Response Syntax
{
'jobTemplates': [
{
'jobTemplateArn': 'string',
'jobTemplateId': 'string',
'description': 'string',
'createdAt': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
jobTemplates (list) --
A list of objects that contain information about the job templates.
(dict) --
An object that contains information about the job template.
jobTemplateArn (string) --
The ARN of the job template.
jobTemplateId (string) --
The unique identifier of the job template.
description (string) --
A description of the job template.
createdAt (datetime) --
The time, in seconds since the epoch, when the job template was created.
nextToken (string) --
The token for the next set of results, or null if there are no additional results.
Exceptions
Lists jobs.
See also: AWS API Documentation
Request Syntax
response = client.list_jobs(
status='IN_PROGRESS'|'CANCELED'|'COMPLETED'|'DELETION_IN_PROGRESS',
targetSelection='CONTINUOUS'|'SNAPSHOT',
maxResults=123,
nextToken='string',
thingGroupName='string',
thingGroupId='string',
namespaceId='string'
)
The namespace used to indicate that a job is a customer-managed job.
When you specify a value for this parameter, AWS IoT Core sends jobs notifications to MQTT topics that contain the value in the following format.
$aws/things/*THING_NAME* /jobs/*JOB_ID* /notify-namespace-*NAMESPACE_ID* /
Note
The namespaceId feature is in public preview.
dict
Response Syntax
{
'jobs': [
{
'jobArn': 'string',
'jobId': 'string',
'thingGroupId': 'string',
'targetSelection': 'CONTINUOUS'|'SNAPSHOT',
'status': 'IN_PROGRESS'|'CANCELED'|'COMPLETED'|'DELETION_IN_PROGRESS',
'createdAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1),
'completedAt': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
jobs (list) --
A list of jobs.
(dict) --
The job summary.
jobArn (string) --
The job ARN.
jobId (string) --
The unique identifier you assigned to this job when it was created.
thingGroupId (string) --
The ID of the thing group.
targetSelection (string) --
Specifies whether the job will continue to run (CONTINUOUS), or will be complete after all those things specified as targets have completed the job (SNAPSHOT). If continuous, the job may also be run on a thing when a change is detected in a target. For example, a job will run on a thing when the thing is added to a target group, even after the job was completed by all things originally in the group.
status (string) --
The job summary status.
createdAt (datetime) --
The time, in seconds since the epoch, when the job was created.
lastUpdatedAt (datetime) --
The time, in seconds since the epoch, when the job was last updated.
completedAt (datetime) --
The time, in seconds since the epoch, when the job completed.
nextToken (string) --
The token for the next set of results, or null if there are no additional results.
Exceptions
Gets a list of all mitigation actions that match the specified filter criteria.
See also: AWS API Documentation
Request Syntax
response = client.list_mitigation_actions(
actionType='UPDATE_DEVICE_CERTIFICATE'|'UPDATE_CA_CERTIFICATE'|'ADD_THINGS_TO_THING_GROUP'|'REPLACE_DEFAULT_POLICY_VERSION'|'ENABLE_IOT_LOGGING'|'PUBLISH_FINDING_TO_SNS',
maxResults=123,
nextToken='string'
)
dict
Response Syntax
{
'actionIdentifiers': [
{
'actionName': 'string',
'actionArn': 'string',
'creationDate': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
actionIdentifiers (list) --
A set of actions that matched the specified filter criteria.
(dict) --
Information that identifies a mitigation action. This information is returned by ListMitigationActions.
actionName (string) --
The friendly name of the mitigation action.
actionArn (string) --
The IAM role ARN used to apply this mitigation action.
creationDate (datetime) --
The date when this mitigation action was created.
nextToken (string) --
The token for the next set of results.
Exceptions
Lists OTA updates.
See also: AWS API Documentation
Request Syntax
response = client.list_ota_updates(
maxResults=123,
nextToken='string',
otaUpdateStatus='CREATE_PENDING'|'CREATE_IN_PROGRESS'|'CREATE_COMPLETE'|'CREATE_FAILED'
)
dict
Response Syntax
{
'otaUpdates': [
{
'otaUpdateId': 'string',
'otaUpdateArn': 'string',
'creationDate': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
otaUpdates (list) --
A list of OTA update jobs.
(dict) --
An OTA update summary.
otaUpdateId (string) --
The OTA update ID.
otaUpdateArn (string) --
The OTA update ARN.
creationDate (datetime) --
The date when the OTA update was created.
nextToken (string) --
A token to use to get the next set of results.
Exceptions
Lists certificates that are being transferred but not yet accepted.
See also: AWS API Documentation
Request Syntax
response = client.list_outgoing_certificates(
pageSize=123,
marker='string',
ascendingOrder=True|False
)
dict
Response Syntax
{
'outgoingCertificates': [
{
'certificateArn': 'string',
'certificateId': 'string',
'transferredTo': 'string',
'transferDate': datetime(2015, 1, 1),
'transferMessage': 'string',
'creationDate': datetime(2015, 1, 1)
},
],
'nextMarker': 'string'
}
Response Structure
(dict) --
The output from the ListOutgoingCertificates operation.
outgoingCertificates (list) --
The certificates that are being transferred but not yet accepted.
(dict) --
A certificate that has been transferred but not yet accepted.
certificateArn (string) --
The certificate ARN.
certificateId (string) --
The certificate ID.
transferredTo (string) --
The AWS account to which the transfer was made.
transferDate (datetime) --
The date the transfer was initiated.
transferMessage (string) --
The transfer message.
creationDate (datetime) --
The certificate creation date.
nextMarker (string) --
The marker for the next set of results.
Exceptions
Lists your policies.
See also: AWS API Documentation
Request Syntax
response = client.list_policies(
marker='string',
pageSize=123,
ascendingOrder=True|False
)
dict
Response Syntax
{
'policies': [
{
'policyName': 'string',
'policyArn': 'string'
},
],
'nextMarker': 'string'
}
Response Structure
(dict) --
The output from the ListPolicies operation.
policies (list) --
The descriptions of the policies.
(dict) --
Describes an AWS IoT policy.
policyName (string) --
The policy name.
policyArn (string) --
The policy ARN.
nextMarker (string) --
The marker for the next set of results, or null if there are no additional results.
Exceptions
Lists the principals associated with the specified policy.
Note: This API is deprecated. Please use ListTargetsForPolicy instead.
Danger
This operation is deprecated and may not function as expected. This operation should not be used going forward and is only kept for the purpose of backwards compatiblity.
See also: AWS API Documentation
Request Syntax
response = client.list_policy_principals(
policyName='string',
marker='string',
pageSize=123,
ascendingOrder=True|False
)
[REQUIRED]
The policy name.
dict
Response Syntax
{
'principals': [
'string',
],
'nextMarker': 'string'
}
Response Structure
(dict) --
The output from the ListPolicyPrincipals operation.
principals (list) --
The descriptions of the principals.
nextMarker (string) --
The marker for the next set of results, or null if there are no additional results.
Exceptions
Lists the versions of the specified policy and identifies the default version.
See also: AWS API Documentation
Request Syntax
response = client.list_policy_versions(
policyName='string'
)
[REQUIRED]
The policy name.
{
'policyVersions': [
{
'versionId': 'string',
'isDefaultVersion': True|False,
'createDate': datetime(2015, 1, 1)
},
]
}
Response Structure
The output from the ListPolicyVersions operation.
The policy versions.
Describes a policy version.
The policy version ID.
Specifies whether the policy version is the default.
The date and time the policy was created.
Exceptions
Lists the policies attached to the specified principal. If you use an Cognito identity, the ID must be in AmazonCognito Identity format .
Note: This API is deprecated. Please use ListAttachedPolicies instead.
Danger
This operation is deprecated and may not function as expected. This operation should not be used going forward and is only kept for the purpose of backwards compatiblity.
See also: AWS API Documentation
Request Syntax
response = client.list_principal_policies(
principal='string',
marker='string',
pageSize=123,
ascendingOrder=True|False
)
[REQUIRED]
The principal. Valid principals are CertificateArn (arn:aws:iot:region :accountId :cert/certificateId ), thingGroupArn (arn:aws:iot:region :accountId :thinggroup/groupName ) and CognitoId (region :id ).
dict
Response Syntax
{
'policies': [
{
'policyName': 'string',
'policyArn': 'string'
},
],
'nextMarker': 'string'
}
Response Structure
(dict) --
The output from the ListPrincipalPolicies operation.
policies (list) --
The policies.
(dict) --
Describes an AWS IoT policy.
policyName (string) --
The policy name.
policyArn (string) --
The policy ARN.
nextMarker (string) --
The marker for the next set of results, or null if there are no additional results.
Exceptions
Lists the things associated with the specified principal. A principal can be X.509 certificates, IAM users, groups, and roles, Amazon Cognito identities or federated identities.
See also: AWS API Documentation
Request Syntax
response = client.list_principal_things(
nextToken='string',
maxResults=123,
principal='string'
)
[REQUIRED]
The principal.
dict
Response Syntax
{
'things': [
'string',
],
'nextToken': 'string'
}
Response Structure
(dict) --
The output from the ListPrincipalThings operation.
things (list) --
The things.
nextToken (string) --
The token to use to get the next set of results, or null if there are no additional results.
Exceptions
A list of fleet provisioning template versions.
See also: AWS API Documentation
Request Syntax
response = client.list_provisioning_template_versions(
templateName='string',
maxResults=123,
nextToken='string'
)
[REQUIRED]
The name of the fleet provisioning template.
dict
Response Syntax
{
'versions': [
{
'versionId': 123,
'creationDate': datetime(2015, 1, 1),
'isDefaultVersion': True|False
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
versions (list) --
The list of fleet provisioning template versions.
(dict) --
A summary of information about a fleet provision template version.
versionId (integer) --
The ID of the fleet privisioning template version.
creationDate (datetime) --
The date when the fleet provisioning template version was created
isDefaultVersion (boolean) --
True if the fleet provisioning template version is the default version, otherwise false.
nextToken (string) --
A token to retrieve the next set of results.
Exceptions
Lists the fleet provisioning templates in your AWS account.
See also: AWS API Documentation
Request Syntax
response = client.list_provisioning_templates(
maxResults=123,
nextToken='string'
)
dict
Response Syntax
{
'templates': [
{
'templateArn': 'string',
'templateName': 'string',
'description': 'string',
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1),
'enabled': True|False
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
templates (list) --
A list of fleet provisioning templates
(dict) --
A summary of information about a fleet provisioning template.
templateArn (string) --
The ARN of the fleet provisioning template.
templateName (string) --
The name of the fleet provisioning template.
description (string) --
The description of the fleet provisioning template.
creationDate (datetime) --
The date when the fleet provisioning template summary was created.
lastModifiedDate (datetime) --
The date when the fleet provisioning template summary was last modified.
enabled (boolean) --
True if the fleet provision template is enabled, otherwise false.
nextToken (string) --
A token to retrieve the next set of results.
Exceptions
Lists the role aliases registered in your account.
See also: AWS API Documentation
Request Syntax
response = client.list_role_aliases(
pageSize=123,
marker='string',
ascendingOrder=True|False
)
dict
Response Syntax
{
'roleAliases': [
'string',
],
'nextMarker': 'string'
}
Response Structure
(dict) --
roleAliases (list) --
The role aliases.
nextMarker (string) --
A marker used to get the next set of results.
Exceptions
Lists all of your scheduled audits.
See also: AWS API Documentation
Request Syntax
response = client.list_scheduled_audits(
nextToken='string',
maxResults=123
)
dict
Response Syntax
{
'scheduledAudits': [
{
'scheduledAuditName': 'string',
'scheduledAuditArn': 'string',
'frequency': 'DAILY'|'WEEKLY'|'BIWEEKLY'|'MONTHLY',
'dayOfMonth': 'string',
'dayOfWeek': 'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
scheduledAudits (list) --
The list of scheduled audits.
(dict) --
Information about the scheduled audit.
scheduledAuditName (string) --
The name of the scheduled audit.
scheduledAuditArn (string) --
The ARN of the scheduled audit.
frequency (string) --
How often the scheduled audit occurs.
dayOfMonth (string) --
The day of the month on which the scheduled audit is run (if the frequency is "MONTHLY"). If days 29-31 are specified, and the month does not have that many days, the audit takes place on the "LAST" day of the month.
dayOfWeek (string) --
The day of the week on which the scheduled audit is run (if the frequency is "WEEKLY" or "BIWEEKLY").
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Exceptions
Lists the Device Defender security profiles you've created. You can filter security profiles by dimension or custom metric.
Note
dimensionName and metricName cannot be used in the same request.
See also: AWS API Documentation
Request Syntax
response = client.list_security_profiles(
nextToken='string',
maxResults=123,
dimensionName='string',
metricName='string'
)
dict
Response Syntax
{
'securityProfileIdentifiers': [
{
'name': 'string',
'arn': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
securityProfileIdentifiers (list) --
A list of security profile identifiers (names and ARNs).
(dict) --
Identifying information for a Device Defender security profile.
name (string) --
The name you've given to the security profile.
arn (string) --
The ARN of the security profile.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Exceptions
Lists the Device Defender security profiles attached to a target (thing group).
See also: AWS API Documentation
Request Syntax
response = client.list_security_profiles_for_target(
nextToken='string',
maxResults=123,
recursive=True|False,
securityProfileTargetArn='string'
)
[REQUIRED]
The ARN of the target (thing group) whose attached security profiles you want to get.
dict
Response Syntax
{
'securityProfileTargetMappings': [
{
'securityProfileIdentifier': {
'name': 'string',
'arn': 'string'
},
'target': {
'arn': 'string'
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
securityProfileTargetMappings (list) --
A list of security profiles and their associated targets.
(dict) --
Information about a security profile and the target associated with it.
securityProfileIdentifier (dict) --
Information that identifies the security profile.
name (string) --
The name you've given to the security profile.
arn (string) --
The ARN of the security profile.
target (dict) --
Information about the target (thing group) associated with the security profile.
arn (string) --
The ARN of the security profile.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Exceptions
Lists all of the streams in your AWS account.
See also: AWS API Documentation
Request Syntax
response = client.list_streams(
maxResults=123,
nextToken='string',
ascendingOrder=True|False
)
dict
Response Syntax
{
'streams': [
{
'streamId': 'string',
'streamArn': 'string',
'streamVersion': 123,
'description': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
streams (list) --
A list of streams.
(dict) --
A summary of a stream.
streamId (string) --
The stream ID.
streamArn (string) --
The stream ARN.
streamVersion (integer) --
The stream version.
description (string) --
A description of the stream.
nextToken (string) --
A token used to get the next set of results.
Exceptions
Lists the tags (metadata) you have assigned to the resource.
See also: AWS API Documentation
Request Syntax
response = client.list_tags_for_resource(
resourceArn='string',
nextToken='string'
)
[REQUIRED]
The ARN of the resource.
dict
Response Syntax
{
'tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
tags (list) --
The list of tags assigned to the resource.
(dict) --
A set of key/value pairs that are used to manage the resource.
Key (string) --
The tag's key.
Value (string) --
The tag's value.
nextToken (string) --
The token to use to get the next set of results, or null if there are no additional results.
Exceptions
List targets for the specified policy.
See also: AWS API Documentation
Request Syntax
response = client.list_targets_for_policy(
policyName='string',
marker='string',
pageSize=123
)
[REQUIRED]
The policy name.
dict
Response Syntax
{
'targets': [
'string',
],
'nextMarker': 'string'
}
Response Structure
(dict) --
targets (list) --
The policy targets.
nextMarker (string) --
A marker used to get the next set of results.
Exceptions
Lists the targets (thing groups) associated with a given Device Defender security profile.
See also: AWS API Documentation
Request Syntax
response = client.list_targets_for_security_profile(
securityProfileName='string',
nextToken='string',
maxResults=123
)
[REQUIRED]
The security profile.
dict
Response Syntax
{
'securityProfileTargets': [
{
'arn': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
securityProfileTargets (list) --
The thing groups to which the security profile is attached.
(dict) --
A target to which an alert is sent when a security profile behavior is violated.
arn (string) --
The ARN of the security profile.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Exceptions
List the thing groups in your account.
See also: AWS API Documentation
Request Syntax
response = client.list_thing_groups(
nextToken='string',
maxResults=123,
parentGroup='string',
namePrefixFilter='string',
recursive=True|False
)
dict
Response Syntax
{
'thingGroups': [
{
'groupName': 'string',
'groupArn': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
thingGroups (list) --
The thing groups.
(dict) --
The name and ARN of a group.
groupName (string) --
The group name.
groupArn (string) --
The group ARN.
nextToken (string) --
The token to use to get the next set of results. Will not be returned if operation has returned all results.
Exceptions
List the thing groups to which the specified thing belongs.
See also: AWS API Documentation
Request Syntax
response = client.list_thing_groups_for_thing(
thingName='string',
nextToken='string',
maxResults=123
)
[REQUIRED]
The thing name.
dict
Response Syntax
{
'thingGroups': [
{
'groupName': 'string',
'groupArn': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
thingGroups (list) --
The thing groups.
(dict) --
The name and ARN of a group.
groupName (string) --
The group name.
groupArn (string) --
The group ARN.
nextToken (string) --
The token to use to get the next set of results, or null if there are no additional results.
Exceptions
Lists the principals associated with the specified thing. A principal can be X.509 certificates, IAM users, groups, and roles, Amazon Cognito identities or federated identities.
See also: AWS API Documentation
Request Syntax
response = client.list_thing_principals(
nextToken='string',
maxResults=123,
thingName='string'
)
[REQUIRED]
The name of the thing.
dict
Response Syntax
{
'principals': [
'string',
],
'nextToken': 'string'
}
Response Structure
(dict) --
The output from the ListThingPrincipals operation.
principals (list) --
The principals associated with the thing.
nextToken (string) --
The token to use to get the next set of results, or null if there are no additional results.
Exceptions
Information about the thing registration tasks.
See also: AWS API Documentation
Request Syntax
response = client.list_thing_registration_task_reports(
taskId='string',
reportType='ERRORS'|'RESULTS',
nextToken='string',
maxResults=123
)
[REQUIRED]
The id of the task.
[REQUIRED]
The type of task report.
dict
Response Syntax
{
'resourceLinks': [
'string',
],
'reportType': 'ERRORS'|'RESULTS',
'nextToken': 'string'
}
Response Structure
(dict) --
resourceLinks (list) --
Links to the task resources.
reportType (string) --
The type of task report.
nextToken (string) --
The token to use to get the next set of results, or null if there are no additional results.
Exceptions
List bulk thing provisioning tasks.
See also: AWS API Documentation
Request Syntax
response = client.list_thing_registration_tasks(
nextToken='string',
maxResults=123,
status='InProgress'|'Completed'|'Failed'|'Cancelled'|'Cancelling'
)
dict
Response Syntax
{
'taskIds': [
'string',
],
'nextToken': 'string'
}
Response Structure
(dict) --
taskIds (list) --
A list of bulk thing provisioning task IDs.
nextToken (string) --
The token to use to get the next set of results, or null if there are no additional results.
Exceptions
Lists the existing thing types.
See also: AWS API Documentation
Request Syntax
response = client.list_thing_types(
nextToken='string',
maxResults=123,
thingTypeName='string'
)
dict
Response Syntax
{
'thingTypes': [
{
'thingTypeName': 'string',
'thingTypeArn': 'string',
'thingTypeProperties': {
'thingTypeDescription': 'string',
'searchableAttributes': [
'string',
]
},
'thingTypeMetadata': {
'deprecated': True|False,
'deprecationDate': datetime(2015, 1, 1),
'creationDate': datetime(2015, 1, 1)
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
The output for the ListThingTypes operation.
thingTypes (list) --
The thing types.
(dict) --
The definition of the thing type, including thing type name and description.
thingTypeName (string) --
The name of the thing type.
thingTypeArn (string) --
The thing type ARN.
thingTypeProperties (dict) --
The ThingTypeProperties for the thing type.
thingTypeDescription (string) --
The description of the thing type.
searchableAttributes (list) --
A list of searchable thing attribute names.
thingTypeMetadata (dict) --
The ThingTypeMetadata contains additional information about the thing type including: creation date and time, a value indicating whether the thing type is deprecated, and a date and time when it was deprecated.
deprecated (boolean) --
Whether the thing type is deprecated. If true , no new things could be associated with this type.
deprecationDate (datetime) --
The date and time when the thing type was deprecated.
creationDate (datetime) --
The date and time when the thing type was created.
nextToken (string) --
The token for the next set of results. Will not be returned if operation has returned all results.
Exceptions
Lists your things. Use the attributeName and attributeValue parameters to filter your things. For example, calling ListThings with attributeName=Color and attributeValue=Red retrieves all things in the registry that contain an attribute Color with the value Red .
Note
You will not be charged for calling this API if an Access denied error is returned. You will also not be charged if no attributes or pagination token was provided in request and no pagination token and no results were returned.
See also: AWS API Documentation
Request Syntax
response = client.list_things(
nextToken='string',
maxResults=123,
attributeName='string',
attributeValue='string',
thingTypeName='string',
usePrefixAttributeValue=True|False
)
When true , the action returns the thing resources with attribute values that start with the attributeValue provided.
When false , or not present, the action returns only the thing resources with attribute values that match the entire attributeValue provided.
dict
Response Syntax
{
'things': [
{
'thingName': 'string',
'thingTypeName': 'string',
'thingArn': 'string',
'attributes': {
'string': 'string'
},
'version': 123
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
The output from the ListThings operation.
things (list) --
The things.
(dict) --
The properties of the thing, including thing name, thing type name, and a list of thing attributes.
thingName (string) --
The name of the thing.
thingTypeName (string) --
The name of the thing type, if the thing has been associated with a type.
thingArn (string) --
The thing ARN.
attributes (dict) --
A list of thing attributes which are name-value pairs.
version (integer) --
The version of the thing record in the registry.
nextToken (string) --
The token to use to get the next set of results. Will not be returned if operation has returned all results.
Exceptions
Lists the things you have added to the given billing group.
See also: AWS API Documentation
Request Syntax
response = client.list_things_in_billing_group(
billingGroupName='string',
nextToken='string',
maxResults=123
)
[REQUIRED]
The name of the billing group.
dict
Response Syntax
{
'things': [
'string',
],
'nextToken': 'string'
}
Response Structure
(dict) --
things (list) --
A list of things in the billing group.
nextToken (string) --
The token to use to get the next set of results. Will not be returned if operation has returned all results.
Exceptions
Lists the things in the specified group.
See also: AWS API Documentation
Request Syntax
response = client.list_things_in_thing_group(
thingGroupName='string',
recursive=True|False,
nextToken='string',
maxResults=123
)
[REQUIRED]
The thing group name.
dict
Response Syntax
{
'things': [
'string',
],
'nextToken': 'string'
}
Response Structure
(dict) --
things (list) --
The things in the specified thing group.
nextToken (string) --
The token to use to get the next set of results, or null if there are no additional results.
Exceptions
Lists all the topic rule destinations in your AWS account.
See also: AWS API Documentation
Request Syntax
response = client.list_topic_rule_destinations(
maxResults=123,
nextToken='string'
)
dict
Response Syntax
{
'destinationSummaries': [
{
'arn': 'string',
'status': 'ENABLED'|'IN_PROGRESS'|'DISABLED'|'ERROR'|'DELETING',
'createdAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1),
'statusReason': 'string',
'httpUrlSummary': {
'confirmationUrl': 'string'
},
'vpcDestinationSummary': {
'subnetIds': [
'string',
],
'securityGroups': [
'string',
],
'vpcId': 'string',
'roleArn': 'string'
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
destinationSummaries (list) --
Information about a topic rule destination.
(dict) --
Information about the topic rule destination.
arn (string) --
The topic rule destination ARN.
status (string) --
The status of the topic rule destination. Valid values are:
IN_PROGRESS
A topic rule destination was created but has not been confirmed. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
ENABLED
Confirmation was completed, and traffic to this destination is allowed. You can set status to DISABLED by calling UpdateTopicRuleDestination .
DISABLED
Confirmation was completed, and traffic to this destination is not allowed. You can set status to ENABLED by calling UpdateTopicRuleDestination .
ERROR
Confirmation could not be completed, for example if the confirmation timed out. You can call GetTopicRuleDestination for details about the error. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
createdAt (datetime) --
The date and time when the topic rule destination was created.
lastUpdatedAt (datetime) --
The date and time when the topic rule destination was last updated.
statusReason (string) --
The reason the topic rule destination is in the current status.
httpUrlSummary (dict) --
Information about the HTTP URL.
confirmationUrl (string) --
The URL used to confirm ownership of or access to the HTTP topic rule destination URL.
vpcDestinationSummary (dict) --
Information about the virtual private cloud (VPC) connection.
subnetIds (list) --
The subnet IDs of the VPC destination.
securityGroups (list) --
The security groups of the VPC destination.
vpcId (string) --
The ID of the VPC.
roleArn (string) --
The ARN of a role that has permission to create and attach to elastic network interfaces (ENIs).
nextToken (string) --
The token to use to get the next set of results, or null if there are no additional results.
Exceptions
Lists the rules for the specific topic.
See also: AWS API Documentation
Request Syntax
response = client.list_topic_rules(
topic='string',
maxResults=123,
nextToken='string',
ruleDisabled=True|False
)
dict
Response Syntax
{
'rules': [
{
'ruleArn': 'string',
'ruleName': 'string',
'topicPattern': 'string',
'createdAt': datetime(2015, 1, 1),
'ruleDisabled': True|False
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
The output from the ListTopicRules operation.
rules (list) --
The rules.
(dict) --
Describes a rule.
ruleArn (string) --
The rule ARN.
ruleName (string) --
The name of the rule.
topicPattern (string) --
The pattern for the topic names that apply.
createdAt (datetime) --
The date and time the rule was created.
ruleDisabled (boolean) --
Specifies whether the rule is disabled.
nextToken (string) --
The token to use to get the next set of results, or null if there are no additional results.
Exceptions
Lists logging levels.
See also: AWS API Documentation
Request Syntax
response = client.list_v2_logging_levels(
targetType='DEFAULT'|'THING_GROUP',
nextToken='string',
maxResults=123
)
dict
Response Syntax
{
'logTargetConfigurations': [
{
'logTarget': {
'targetType': 'DEFAULT'|'THING_GROUP',
'targetName': 'string'
},
'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
logTargetConfigurations (list) --
The logging configuration for a target.
(dict) --
The target configuration.
logTarget (dict) --
A log target
targetType (string) --
The target type.
targetName (string) --
The target name.
logLevel (string) --
The logging level.
nextToken (string) --
The token to use to get the next set of results, or null if there are no additional results.
Exceptions
Lists the Device Defender security profile violations discovered during the given time period. You can use filters to limit the results to those alerts issued for a particular security profile, behavior, or thing (device).
See also: AWS API Documentation
Request Syntax
response = client.list_violation_events(
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1),
thingName='string',
securityProfileName='string',
behaviorCriteriaType='STATIC'|'STATISTICAL'|'MACHINE_LEARNING',
listSuppressedAlerts=True|False,
nextToken='string',
maxResults=123
)
[REQUIRED]
The start time for the alerts to be listed.
[REQUIRED]
The end time for the alerts to be listed.
dict
Response Syntax
{
'violationEvents': [
{
'violationId': 'string',
'thingName': 'string',
'securityProfileName': 'string',
'behavior': {
'name': 'string',
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
},
'criteria': {
'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set'|'in-set'|'not-in-set',
'value': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'durationSeconds': 123,
'consecutiveDatapointsToAlarm': 123,
'consecutiveDatapointsToClear': 123,
'statisticalThreshold': {
'statistic': 'string'
},
'mlDetectionConfig': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
}
},
'suppressAlerts': True|False
},
'metricValue': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'violationEventAdditionalInfo': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
},
'violationEventType': 'in-alarm'|'alarm-cleared'|'alarm-invalidated',
'violationEventTime': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
violationEvents (list) --
The security profile violation alerts issued for this account during the given time period, potentially filtered by security profile, behavior violated, or thing (device) violating.
(dict) --
Information about a Device Defender security profile behavior violation.
violationId (string) --
The ID of the violation event.
thingName (string) --
The name of the thing responsible for the violation event.
securityProfileName (string) --
The name of the security profile whose behavior was violated.
behavior (dict) --
The behavior that was violated.
name (string) --
The name you've given to the behavior.
metric (string) --
What is measured by the behavior.
metricDimension (dict) --
The dimension for a metric in your behavior. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. This can't be used with custom metrics.
dimensionName (string) --
A unique identifier for the dimension.
operator (string) --
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
criteria (dict) --
The criteria that determine if a device is behaving normally in regard to the metric .
comparisonOperator (string) --
The operator that relates the thing measured (metric ) to the criteria (containing a value or statisticalThreshold ). Valid operators include:
value (dict) --
The value to be compared with the metric .
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
strings (list) --
The string values of a metric.
durationSeconds (integer) --
Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, NUM_MESSAGES_SENT ). For a statisticalThreshhold metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes.
consecutiveDatapointsToAlarm (integer) --
If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.
consecutiveDatapointsToClear (integer) --
If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.
statisticalThreshold (dict) --
A statistical ranking (percentile)that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior.
statistic (string) --
The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period (durationSeconds ) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below (comparisonOperator ) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs.
mlDetectionConfig (dict) --
The configuration of an ML Detect
confidenceLevel (string) --
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
suppressAlerts (boolean) --
Suppresses alerts.
metricValue (dict) --
The value of the metric (the measurement).
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
strings (list) --
The string values of a metric.
violationEventAdditionalInfo (dict) --
The details of a violation event.
confidenceLevel (string) --
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
violationEventType (string) --
The type of violation event.
violationEventTime (datetime) --
The time the violation event occurred.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Exceptions
Registers a CA certificate with AWS IoT. This CA certificate can then be used to sign device certificates, which can be then registered with AWS IoT. You can register up to 10 CA certificates per AWS account that have the same subject field. This enables you to have up to 10 certificate authorities sign your device certificates. If you have more than one CA certificate registered, make sure you pass the CA certificate when you register your device certificates with the RegisterCertificate API.
See also: AWS API Documentation
Request Syntax
response = client.register_ca_certificate(
caCertificate='string',
verificationCertificate='string',
setAsActive=True|False,
allowAutoRegistration=True|False,
registrationConfig={
'templateBody': 'string',
'roleArn': 'string'
},
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The CA certificate.
[REQUIRED]
The private key verification certificate.
Information about the registration configuration.
The template body.
The ARN of the role.
Metadata which can be used to manage the CA certificate.
Note
For URI Request parameters use format: ...key1=value1&key2=value2...
For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."
For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{
'certificateArn': 'string',
'certificateId': 'string'
}
Response Structure
(dict) --
The output from the RegisterCACertificateResponse operation.
certificateArn (string) --
The CA certificate ARN.
certificateId (string) --
The CA certificate identifier.
Exceptions
Registers a device certificate with AWS IoT. If you have more than one CA certificate that has the same subject field, you must specify the CA certificate that was used to sign the device certificate being registered.
See also: AWS API Documentation
Request Syntax
response = client.register_certificate(
certificatePem='string',
caCertificatePem='string',
setAsActive=True|False,
status='ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION'
)
[REQUIRED]
The certificate data, in PEM format.
dict
Response Syntax
{
'certificateArn': 'string',
'certificateId': 'string'
}
Response Structure
(dict) --
The output from the RegisterCertificate operation.
certificateArn (string) --
The certificate ARN.
certificateId (string) --
The certificate identifier.
Exceptions
Register a certificate that does not have a certificate authority (CA).
See also: AWS API Documentation
Request Syntax
response = client.register_certificate_without_ca(
certificatePem='string',
status='ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION'
)
[REQUIRED]
The certificate data, in PEM format.
dict
Response Syntax
{
'certificateArn': 'string',
'certificateId': 'string'
}
Response Structure
(dict) --
certificateArn (string) --
The Amazon Resource Name (ARN) of the registered certificate.
certificateId (string) --
The ID of the registered certificate. (The last part of the certificate ARN contains the certificate ID.
Exceptions
Provisions a thing in the device registry. RegisterThing calls other AWS IoT control plane APIs. These calls might exceed your account level AWS IoT Throttling Limits and cause throttle errors. Please contact AWS Customer Support to raise your throttling limits if necessary.
See also: AWS API Documentation
Request Syntax
response = client.register_thing(
templateBody='string',
parameters={
'string': 'string'
}
)
[REQUIRED]
The provisioning template. See Provisioning Devices That Have Device Certificates for more information.
The parameters for provisioning a thing. See Provisioning Templates for more information.
dict
Response Syntax
{
'certificatePem': 'string',
'resourceArns': {
'string': 'string'
}
}
Response Structure
(dict) --
certificatePem (string) --
The certificate data, in PEM format.
resourceArns (dict) --
ARNs for the generated resources.
Exceptions
Rejects a pending certificate transfer. After AWS IoT rejects a certificate transfer, the certificate status changes from PENDING_TRANSFER to INACTIVE .
To check for pending certificate transfers, call ListCertificates to enumerate your certificates.
This operation can only be called by the transfer destination. After it is called, the certificate will be returned to the source's account in the INACTIVE state.
See also: AWS API Documentation
Request Syntax
response = client.reject_certificate_transfer(
certificateId='string',
rejectReason='string'
)
[REQUIRED]
The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)
None
Exceptions
Removes the given thing from the billing group.
See also: AWS API Documentation
Request Syntax
response = client.remove_thing_from_billing_group(
billingGroupName='string',
billingGroupArn='string',
thingName='string',
thingArn='string'
)
dict
Response Syntax
{}
Response Structure
Exceptions
Remove the specified thing from the specified group.
You must specify either a thingGroupArn or a thingGroupName to identify the thing group and either a thingArn or a thingName to identify the thing to remove from the thing group.
See also: AWS API Documentation
Request Syntax
response = client.remove_thing_from_thing_group(
thingGroupName='string',
thingGroupArn='string',
thingName='string',
thingArn='string'
)
dict
Response Syntax
{}
Response Structure
Exceptions
Replaces the rule. You must specify all parameters for the new rule. Creating rules is an administrator-level action. Any user who has permission to create rules will be able to access data processed by the rule.
See also: AWS API Documentation
Request Syntax
response = client.replace_topic_rule(
ruleName='string',
topicRulePayload={
'sql': 'string',
'description': 'string',
'actions': [
{
'dynamoDB': {
'tableName': 'string',
'roleArn': 'string',
'operation': 'string',
'hashKeyField': 'string',
'hashKeyValue': 'string',
'hashKeyType': 'STRING'|'NUMBER',
'rangeKeyField': 'string',
'rangeKeyValue': 'string',
'rangeKeyType': 'STRING'|'NUMBER',
'payloadField': 'string'
},
'dynamoDBv2': {
'roleArn': 'string',
'putItem': {
'tableName': 'string'
}
},
'lambda': {
'functionArn': 'string'
},
'sns': {
'targetArn': 'string',
'roleArn': 'string',
'messageFormat': 'RAW'|'JSON'
},
'sqs': {
'roleArn': 'string',
'queueUrl': 'string',
'useBase64': True|False
},
'kinesis': {
'roleArn': 'string',
'streamName': 'string',
'partitionKey': 'string'
},
'republish': {
'roleArn': 'string',
'topic': 'string',
'qos': 123
},
's3': {
'roleArn': 'string',
'bucketName': 'string',
'key': 'string',
'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
},
'firehose': {
'roleArn': 'string',
'deliveryStreamName': 'string',
'separator': 'string',
'batchMode': True|False
},
'cloudwatchMetric': {
'roleArn': 'string',
'metricNamespace': 'string',
'metricName': 'string',
'metricValue': 'string',
'metricUnit': 'string',
'metricTimestamp': 'string'
},
'cloudwatchAlarm': {
'roleArn': 'string',
'alarmName': 'string',
'stateReason': 'string',
'stateValue': 'string'
},
'cloudwatchLogs': {
'roleArn': 'string',
'logGroupName': 'string'
},
'elasticsearch': {
'roleArn': 'string',
'endpoint': 'string',
'index': 'string',
'type': 'string',
'id': 'string'
},
'salesforce': {
'token': 'string',
'url': 'string'
},
'iotAnalytics': {
'channelArn': 'string',
'channelName': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotEvents': {
'inputName': 'string',
'messageId': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotSiteWise': {
'putAssetPropertyValueEntries': [
{
'entryId': 'string',
'assetId': 'string',
'propertyId': 'string',
'propertyAlias': 'string',
'propertyValues': [
{
'value': {
'stringValue': 'string',
'integerValue': 'string',
'doubleValue': 'string',
'booleanValue': 'string'
},
'timestamp': {
'timeInSeconds': 'string',
'offsetInNanos': 'string'
},
'quality': 'string'
},
]
},
],
'roleArn': 'string'
},
'stepFunctions': {
'executionNamePrefix': 'string',
'stateMachineName': 'string',
'roleArn': 'string'
},
'timestream': {
'roleArn': 'string',
'databaseName': 'string',
'tableName': 'string',
'dimensions': [
{
'name': 'string',
'value': 'string'
},
],
'timestamp': {
'value': 'string',
'unit': 'string'
}
},
'http': {
'url': 'string',
'confirmationUrl': 'string',
'headers': [
{
'key': 'string',
'value': 'string'
},
],
'auth': {
'sigv4': {
'signingRegion': 'string',
'serviceName': 'string',
'roleArn': 'string'
}
}
},
'kafka': {
'destinationArn': 'string',
'topic': 'string',
'key': 'string',
'partition': 'string',
'clientProperties': {
'string': 'string'
}
}
},
],
'ruleDisabled': True|False,
'awsIotSqlVersion': 'string',
'errorAction': {
'dynamoDB': {
'tableName': 'string',
'roleArn': 'string',
'operation': 'string',
'hashKeyField': 'string',
'hashKeyValue': 'string',
'hashKeyType': 'STRING'|'NUMBER',
'rangeKeyField': 'string',
'rangeKeyValue': 'string',
'rangeKeyType': 'STRING'|'NUMBER',
'payloadField': 'string'
},
'dynamoDBv2': {
'roleArn': 'string',
'putItem': {
'tableName': 'string'
}
},
'lambda': {
'functionArn': 'string'
},
'sns': {
'targetArn': 'string',
'roleArn': 'string',
'messageFormat': 'RAW'|'JSON'
},
'sqs': {
'roleArn': 'string',
'queueUrl': 'string',
'useBase64': True|False
},
'kinesis': {
'roleArn': 'string',
'streamName': 'string',
'partitionKey': 'string'
},
'republish': {
'roleArn': 'string',
'topic': 'string',
'qos': 123
},
's3': {
'roleArn': 'string',
'bucketName': 'string',
'key': 'string',
'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
},
'firehose': {
'roleArn': 'string',
'deliveryStreamName': 'string',
'separator': 'string',
'batchMode': True|False
},
'cloudwatchMetric': {
'roleArn': 'string',
'metricNamespace': 'string',
'metricName': 'string',
'metricValue': 'string',
'metricUnit': 'string',
'metricTimestamp': 'string'
},
'cloudwatchAlarm': {
'roleArn': 'string',
'alarmName': 'string',
'stateReason': 'string',
'stateValue': 'string'
},
'cloudwatchLogs': {
'roleArn': 'string',
'logGroupName': 'string'
},
'elasticsearch': {
'roleArn': 'string',
'endpoint': 'string',
'index': 'string',
'type': 'string',
'id': 'string'
},
'salesforce': {
'token': 'string',
'url': 'string'
},
'iotAnalytics': {
'channelArn': 'string',
'channelName': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotEvents': {
'inputName': 'string',
'messageId': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotSiteWise': {
'putAssetPropertyValueEntries': [
{
'entryId': 'string',
'assetId': 'string',
'propertyId': 'string',
'propertyAlias': 'string',
'propertyValues': [
{
'value': {
'stringValue': 'string',
'integerValue': 'string',
'doubleValue': 'string',
'booleanValue': 'string'
},
'timestamp': {
'timeInSeconds': 'string',
'offsetInNanos': 'string'
},
'quality': 'string'
},
]
},
],
'roleArn': 'string'
},
'stepFunctions': {
'executionNamePrefix': 'string',
'stateMachineName': 'string',
'roleArn': 'string'
},
'timestream': {
'roleArn': 'string',
'databaseName': 'string',
'tableName': 'string',
'dimensions': [
{
'name': 'string',
'value': 'string'
},
],
'timestamp': {
'value': 'string',
'unit': 'string'
}
},
'http': {
'url': 'string',
'confirmationUrl': 'string',
'headers': [
{
'key': 'string',
'value': 'string'
},
],
'auth': {
'sigv4': {
'signingRegion': 'string',
'serviceName': 'string',
'roleArn': 'string'
}
}
},
'kafka': {
'destinationArn': 'string',
'topic': 'string',
'key': 'string',
'partition': 'string',
'clientProperties': {
'string': 'string'
}
}
}
}
)
[REQUIRED]
The name of the rule.
[REQUIRED]
The rule payload.
The SQL statement used to query the topic. For more information, see AWS IoT SQL Reference in the AWS IoT Developer Guide .
The description of the rule.
The actions associated with the rule.
Describes the actions associated with a rule.
Write to a DynamoDB table.
The name of the DynamoDB table.
The ARN of the IAM role that grants access to the DynamoDB table.
The type of operation to be performed. This follows the substitution template, so it can be ${operation} , but the substitution must result in one of the following: INSERT , UPDATE , or DELETE .
The hash key name.
The hash key value.
The hash key type. Valid values are "STRING" or "NUMBER"
The range key name.
The range key value.
The range key type. Valid values are "STRING" or "NUMBER"
The action payload. This name can be customized.
Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.
The ARN of the IAM role that grants access to the DynamoDB table.
Specifies the DynamoDB table to which the message data will be written. For example:
{ "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role" "putItem": { "tableName": "my-table" } } }
Each attribute in the message payload will be written to a separate column in the DynamoDB database.
The table where the message data will be written.
Invoke a Lambda function.
The ARN of the Lambda function.
Publish to an Amazon SNS topic.
The ARN of the SNS topic.
The ARN of the IAM role that grants access.
(Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see https://docs.aws.amazon.com/sns/latest/dg/json-formats.html refer to their official documentation.
Publish to an Amazon SQS queue.
The ARN of the IAM role that grants access.
The URL of the Amazon SQS queue.
Specifies whether to use Base64 encoding.
Write data to an Amazon Kinesis stream.
The ARN of the IAM role that grants access to the Amazon Kinesis stream.
The name of the Amazon Kinesis stream.
The partition key.
Publish to another MQTT topic.
The ARN of the IAM role that grants access.
The name of the MQTT topic.
The Quality of Service (QoS) level to use when republishing messages. The default value is 0.
Write to an Amazon S3 bucket.
The ARN of the IAM role that grants access.
The Amazon S3 bucket.
The object key. For more information, see Actions, resources, and condition keys for Amazon S3 .
The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs .
Write to an Amazon Kinesis Firehose stream.
The IAM role that grants access to the Amazon Kinesis Firehose stream.
The delivery stream name.
A character separator that will be used to separate records written to the Firehose stream. Valid values are: 'n' (newline), 't' (tab), 'rn' (Windows newline), ',' (comma).
Whether to deliver the Kinesis Data Firehose stream as a batch by using ` PutRecordBatch https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html`__ . The default value is false .
When batchMode is true and the rule's SQL statement evaluates to an Array, each Array element forms one record in the ` PutRecordBatch https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html`__ request. The resulting array can't have more than 500 records.
Capture a CloudWatch metric.
The IAM role that allows access to the CloudWatch metric.
The CloudWatch metric namespace name.
The CloudWatch metric name.
The CloudWatch metric value.
The metric unit supported by CloudWatch.
An optional Unix timestamp .
Change the state of a CloudWatch alarm.
The IAM role that allows access to the CloudWatch alarm.
The CloudWatch alarm name.
The reason for the alarm change.
The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.
Send data to CloudWatch Logs.
The IAM role that allows access to the CloudWatch log.
The CloudWatch log group to which the action sends data.
Write data to an Amazon Elasticsearch Service domain.
The IAM role ARN that has access to Elasticsearch.
The endpoint of your Elasticsearch domain.
The Elasticsearch index where you want to store your data.
The type of document you are storing.
The unique identifier for the document you are storing.
Send a message to a Salesforce IoT Cloud Input Stream.
The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
Sends message data to an AWS IoT Analytics channel.
(deprecated) The ARN of the IoT Analytics channel to which message data will be sent.
The name of the IoT Analytics channel to which message data will be sent.
Whether to process the action as a batch. The default value is false .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is delivered as a separate message when passed by ` BatchPutMessage https://docs.aws.amazon.com/iotanalytics/latest/APIReference/API_BatchPutMessage.html`__ to the AWS IoT Analytics channel. The resulting array can't have more than 100 messages.
The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).
Sends an input to an AWS IoT Events detector.
The name of the AWS IoT Events input.
The ID of the message. The default messageId is a new UUID value.
When batchMode is true , you can't specify a messageId --a new UUID value will be assigned.
Assign a value to this property to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.
Whether to process the event actions as a batch. The default value is false .
When batchMode is true , you can't specify a messageId .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is treated as a separate message when it's sent to AWS IoT Events by calling ` BatchPutMessage https://docs.aws.amazon.com/iotevents/latest/apireference/API_iotevents-data_BatchPutMessage.html`__ . The resulting array can't have more than 10 messages.
The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector. ("Action":"iotevents:BatchPutMessage").
Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.
A list of asset property value entries.
An asset property value entry containing the following information.
Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.
The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
The ID of the asset's property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
A list of property values to insert that each contain timestamp, quality, and value (TQV) information.
An asset property value entry containing the following information.
The value of the asset property.
Optional. The string value of the value entry. Accepts substitution templates.
Optional. A string that contains the integer value of the value entry. Accepts substitution templates.
Optional. A string that contains the double value of the value entry. Accepts substitution templates.
Optional. A string that contains the boolean value (true or false ) of the value entry. Accepts substitution templates.
The asset property value timestamp.
A string that contains the time in seconds since epoch. Accepts substitution templates.
Optional. A string that contains the nanosecond time offset. Accepts substitution templates.
Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD , BAD , or UNCERTAIN .
The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoTSiteWise. ("Action": "iotsitewise:BatchPutAssetPropertyValue" ). The trust policy can restrict access to specific asset hierarchy paths.
Starts execution of a Step Functions state machine.
(Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.
The name of the Step Functions state machine whose execution will be started.
The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").
The Timestream rule action writes attributes (measures) from an MQTT message into an Amazon Timestream table. For more information, see the Timestream topic rule action documentation.
The ARN of the role that grants permission to write to the Amazon Timestream database table.
The name of an Amazon Timestream database.
The name of the database table into which to write the measure records.
Metadata attributes of the time series that are written in each measure record.
Metadata attributes of the time series that are written in each measure record.
The metadata dimension name. This is the name of the column in the Amazon Timestream database table record.
Dimensions cannot be named: measure_name , measure_value , or time . These names are reserved. Dimension names cannot start with ts_ or measure_value and they cannot contain the colon (: ) character.
The value to write in this column of the database record.
Specifies an application-defined value to replace the default value assigned to the Timestream record's timestamp in the time column.
You can use this property to specify the value and the precision of the Timestream record's timestamp. You can specify a value from the message payload or a value computed by a substitution template.
If omitted, the topic rule action assigns the timestamp, in milliseconds, at the time it processed the rule.
An expression that returns a long epoch time value.
The precision of the timestamp value that results from the expression described in value .
Valid values: SECONDS | MILLISECONDS | MICROSECONDS | NANOSECONDS . The default is MILLISECONDS .
Send data to an HTTPS endpoint.
The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl . If this is a new destination, a new TopicRuleDestination is created if possible.
The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.
The HTTP headers to send with the message data.
The HTTP action header.
The HTTP header key.
The HTTP header value. Substitution templates are supported.
The authentication method to use when sending data to an HTTPS endpoint.
Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process .
The signing region.
The service name to use while signing with Sig V4.
The ARN of the signing role.
Send messages to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) or self-managed Apache Kafka cluster.
The ARN of Kafka action's VPC TopicRuleDestination .
The Kafka topic for messages to be sent to the Kafka broker.
The Kafka message key.
The Kafka message partition.
Properties of the Apache Kafka producer client.
Specifies whether the rule is disabled.
The version of the SQL rules engine to use when evaluating the rule.
The action to take when an error occurs.
Write to a DynamoDB table.
The name of the DynamoDB table.
The ARN of the IAM role that grants access to the DynamoDB table.
The type of operation to be performed. This follows the substitution template, so it can be ${operation} , but the substitution must result in one of the following: INSERT , UPDATE , or DELETE .
The hash key name.
The hash key value.
The hash key type. Valid values are "STRING" or "NUMBER"
The range key name.
The range key value.
The range key type. Valid values are "STRING" or "NUMBER"
The action payload. This name can be customized.
Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.
The ARN of the IAM role that grants access to the DynamoDB table.
Specifies the DynamoDB table to which the message data will be written. For example:
{ "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role" "putItem": { "tableName": "my-table" } } }
Each attribute in the message payload will be written to a separate column in the DynamoDB database.
The table where the message data will be written.
Invoke a Lambda function.
The ARN of the Lambda function.
Publish to an Amazon SNS topic.
The ARN of the SNS topic.
The ARN of the IAM role that grants access.
(Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see https://docs.aws.amazon.com/sns/latest/dg/json-formats.html refer to their official documentation.
Publish to an Amazon SQS queue.
The ARN of the IAM role that grants access.
The URL of the Amazon SQS queue.
Specifies whether to use Base64 encoding.
Write data to an Amazon Kinesis stream.
The ARN of the IAM role that grants access to the Amazon Kinesis stream.
The name of the Amazon Kinesis stream.
The partition key.
Publish to another MQTT topic.
The ARN of the IAM role that grants access.
The name of the MQTT topic.
The Quality of Service (QoS) level to use when republishing messages. The default value is 0.
Write to an Amazon S3 bucket.
The ARN of the IAM role that grants access.
The Amazon S3 bucket.
The object key. For more information, see Actions, resources, and condition keys for Amazon S3 .
The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs .
Write to an Amazon Kinesis Firehose stream.
The IAM role that grants access to the Amazon Kinesis Firehose stream.
The delivery stream name.
A character separator that will be used to separate records written to the Firehose stream. Valid values are: 'n' (newline), 't' (tab), 'rn' (Windows newline), ',' (comma).
Whether to deliver the Kinesis Data Firehose stream as a batch by using ` PutRecordBatch https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html`__ . The default value is false .
When batchMode is true and the rule's SQL statement evaluates to an Array, each Array element forms one record in the ` PutRecordBatch https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html`__ request. The resulting array can't have more than 500 records.
Capture a CloudWatch metric.
The IAM role that allows access to the CloudWatch metric.
The CloudWatch metric namespace name.
The CloudWatch metric name.
The CloudWatch metric value.
The metric unit supported by CloudWatch.
An optional Unix timestamp .
Change the state of a CloudWatch alarm.
The IAM role that allows access to the CloudWatch alarm.
The CloudWatch alarm name.
The reason for the alarm change.
The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.
Send data to CloudWatch Logs.
The IAM role that allows access to the CloudWatch log.
The CloudWatch log group to which the action sends data.
Write data to an Amazon Elasticsearch Service domain.
The IAM role ARN that has access to Elasticsearch.
The endpoint of your Elasticsearch domain.
The Elasticsearch index where you want to store your data.
The type of document you are storing.
The unique identifier for the document you are storing.
Send a message to a Salesforce IoT Cloud Input Stream.
The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
Sends message data to an AWS IoT Analytics channel.
(deprecated) The ARN of the IoT Analytics channel to which message data will be sent.
The name of the IoT Analytics channel to which message data will be sent.
Whether to process the action as a batch. The default value is false .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is delivered as a separate message when passed by ` BatchPutMessage https://docs.aws.amazon.com/iotanalytics/latest/APIReference/API_BatchPutMessage.html`__ to the AWS IoT Analytics channel. The resulting array can't have more than 100 messages.
The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).
Sends an input to an AWS IoT Events detector.
The name of the AWS IoT Events input.
The ID of the message. The default messageId is a new UUID value.
When batchMode is true , you can't specify a messageId --a new UUID value will be assigned.
Assign a value to this property to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.
Whether to process the event actions as a batch. The default value is false .
When batchMode is true , you can't specify a messageId .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is treated as a separate message when it's sent to AWS IoT Events by calling ` BatchPutMessage https://docs.aws.amazon.com/iotevents/latest/apireference/API_iotevents-data_BatchPutMessage.html`__ . The resulting array can't have more than 10 messages.
The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector. ("Action":"iotevents:BatchPutMessage").
Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.
A list of asset property value entries.
An asset property value entry containing the following information.
Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.
The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
The ID of the asset's property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
A list of property values to insert that each contain timestamp, quality, and value (TQV) information.
An asset property value entry containing the following information.
The value of the asset property.
Optional. The string value of the value entry. Accepts substitution templates.
Optional. A string that contains the integer value of the value entry. Accepts substitution templates.
Optional. A string that contains the double value of the value entry. Accepts substitution templates.
Optional. A string that contains the boolean value (true or false ) of the value entry. Accepts substitution templates.
The asset property value timestamp.
A string that contains the time in seconds since epoch. Accepts substitution templates.
Optional. A string that contains the nanosecond time offset. Accepts substitution templates.
Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD , BAD , or UNCERTAIN .
The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoTSiteWise. ("Action": "iotsitewise:BatchPutAssetPropertyValue" ). The trust policy can restrict access to specific asset hierarchy paths.
Starts execution of a Step Functions state machine.
(Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.
The name of the Step Functions state machine whose execution will be started.
The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").
The Timestream rule action writes attributes (measures) from an MQTT message into an Amazon Timestream table. For more information, see the Timestream topic rule action documentation.
The ARN of the role that grants permission to write to the Amazon Timestream database table.
The name of an Amazon Timestream database.
The name of the database table into which to write the measure records.
Metadata attributes of the time series that are written in each measure record.
Metadata attributes of the time series that are written in each measure record.
The metadata dimension name. This is the name of the column in the Amazon Timestream database table record.
Dimensions cannot be named: measure_name , measure_value , or time . These names are reserved. Dimension names cannot start with ts_ or measure_value and they cannot contain the colon (: ) character.
The value to write in this column of the database record.
Specifies an application-defined value to replace the default value assigned to the Timestream record's timestamp in the time column.
You can use this property to specify the value and the precision of the Timestream record's timestamp. You can specify a value from the message payload or a value computed by a substitution template.
If omitted, the topic rule action assigns the timestamp, in milliseconds, at the time it processed the rule.
An expression that returns a long epoch time value.
The precision of the timestamp value that results from the expression described in value .
Valid values: SECONDS | MILLISECONDS | MICROSECONDS | NANOSECONDS . The default is MILLISECONDS .
Send data to an HTTPS endpoint.
The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl . If this is a new destination, a new TopicRuleDestination is created if possible.
The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.
The HTTP headers to send with the message data.
The HTTP action header.
The HTTP header key.
The HTTP header value. Substitution templates are supported.
The authentication method to use when sending data to an HTTPS endpoint.
Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process .
The signing region.
The service name to use while signing with Sig V4.
The ARN of the signing role.
Send messages to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) or self-managed Apache Kafka cluster.
The ARN of Kafka action's VPC TopicRuleDestination .
The Kafka topic for messages to be sent to the Kafka broker.
The Kafka message key.
The Kafka message partition.
Properties of the Apache Kafka producer client.
None
Exceptions
The query search index.
See also: AWS API Documentation
Request Syntax
response = client.search_index(
indexName='string',
queryString='string',
nextToken='string',
maxResults=123,
queryVersion='string'
)
[REQUIRED]
The search query string.
dict
Response Syntax
{
'nextToken': 'string',
'things': [
{
'thingName': 'string',
'thingId': 'string',
'thingTypeName': 'string',
'thingGroupNames': [
'string',
],
'attributes': {
'string': 'string'
},
'shadow': 'string',
'connectivity': {
'connected': True|False,
'timestamp': 123
}
},
],
'thingGroups': [
{
'thingGroupName': 'string',
'thingGroupId': 'string',
'thingGroupDescription': 'string',
'attributes': {
'string': 'string'
},
'parentGroupNames': [
'string',
]
},
]
}
Response Structure
(dict) --
nextToken (string) --
The token used to get the next set of results, or null if there are no additional results.
things (list) --
The things that match the search query.
(dict) --
The thing search index document.
thingName (string) --
The thing name.
thingId (string) --
The thing ID.
thingTypeName (string) --
The thing type name.
thingGroupNames (list) --
Thing group names.
attributes (dict) --
The attributes.
shadow (string) --
The shadow.
connectivity (dict) --
Indicates whether the thing is connected to the AWS IoT service.
connected (boolean) --
True if the thing is connected to the AWS IoT service; false if it is not connected.
timestamp (integer) --
The epoch time (in milliseconds) when the thing last connected or disconnected. If the thing has been disconnected for more than a few weeks, the time value might be missing.
thingGroups (list) --
The thing groups that match the search query.
(dict) --
The thing group search index document.
thingGroupName (string) --
The thing group name.
thingGroupId (string) --
The thing group ID.
thingGroupDescription (string) --
The thing group description.
attributes (dict) --
The thing group attributes.
parentGroupNames (list) --
Parent group names.
Exceptions
Sets the default authorizer. This will be used if a websocket connection is made without specifying an authorizer.
See also: AWS API Documentation
Request Syntax
response = client.set_default_authorizer(
authorizerName='string'
)
[REQUIRED]
The authorizer name.
{
'authorizerName': 'string',
'authorizerArn': 'string'
}
Response Structure
The authorizer name.
The authorizer ARN.
Exceptions
Sets the specified version of the specified policy as the policy's default (operative) version. This action affects all certificates to which the policy is attached. To list the principals the policy is attached to, use the ListPrincipalPolicy API.
See also: AWS API Documentation
Request Syntax
response = client.set_default_policy_version(
policyName='string',
policyVersionId='string'
)
[REQUIRED]
The policy name.
[REQUIRED]
The policy version ID.
None
Exceptions
Sets the logging options.
NOTE: use of this command is not recommended. Use SetV2LoggingOptions instead.
See also: AWS API Documentation
Request Syntax
response = client.set_logging_options(
loggingOptionsPayload={
'roleArn': 'string',
'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
}
)
[REQUIRED]
The logging options payload.
The ARN of the IAM role that grants access.
The log level.
Exceptions
Sets the logging level.
See also: AWS API Documentation
Request Syntax
response = client.set_v2_logging_level(
logTarget={
'targetType': 'DEFAULT'|'THING_GROUP',
'targetName': 'string'
},
logLevel='DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
)
[REQUIRED]
The log target.
The target type.
The target name.
[REQUIRED]
The log level.
None
Exceptions
Sets the logging options for the V2 logging service.
See also: AWS API Documentation
Request Syntax
response = client.set_v2_logging_options(
roleArn='string',
defaultLogLevel='DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED',
disableAllLogs=True|False
)
None
Exceptions
Starts a task that applies a set of mitigation actions to the specified target.
See also: AWS API Documentation
Request Syntax
response = client.start_audit_mitigation_actions_task(
taskId='string',
target={
'auditTaskId': 'string',
'findingIds': [
'string',
],
'auditCheckToReasonCodeFilter': {
'string': [
'string',
]
}
},
auditCheckToActionsMapping={
'string': [
'string',
]
},
clientRequestToken='string'
)
[REQUIRED]
A unique identifier for the task. You can use this identifier to check the status of the task or to cancel it.
[REQUIRED]
Specifies the audit findings to which the mitigation actions are applied. You can apply them to a type of audit check, to all findings from an audit, or to a specific set of findings.
If the task will apply a mitigation action to findings from a specific audit, this value uniquely identifies the audit.
If the task will apply a mitigation action to one or more listed findings, this value uniquely identifies those findings.
Specifies a filter in the form of an audit check and set of reason codes that identify the findings from the audit to which the audit mitigation actions task apply.
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
[REQUIRED]
For an audit check, specifies which mitigation actions to apply. Those actions must be defined in your AWS account.
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
[REQUIRED]
Each audit mitigation task must have a unique client request token. If you try to start a new task with the same token as a task that already exists, an exception occurs. If you omit this value, a unique client request token is generated automatically.
This field is autopopulated if not provided.
dict
Response Syntax
{
'taskId': 'string'
}
Response Structure
(dict) --
taskId (string) --
The unique identifier for the audit mitigation task. This matches the taskId that you specified in the request.
Exceptions
Starts a Device Defender ML Detect mitigation actions task.
See also: AWS API Documentation
Request Syntax
response = client.start_detect_mitigation_actions_task(
taskId='string',
target={
'violationIds': [
'string',
],
'securityProfileName': 'string',
'behaviorName': 'string'
},
actions=[
'string',
],
violationEventOccurrenceRange={
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1)
},
includeOnlyActiveViolations=True|False,
includeSuppressedAlerts=True|False,
clientRequestToken='string'
)
[REQUIRED]
The unique identifier of the task.
[REQUIRED]
Specifies the ML Detect findings to which the mitigation actions are applied.
The unique identifiers of the violations.
The name of the security profile.
The name of the behavior.
[REQUIRED]
The actions to be performed when a device has unexpected behavior.
Specifies the time period of which violation events occurred between.
The start date and time of a time period in which violation events occurred.
The end date and time of a time period in which violation events occurred.
[REQUIRED]
Each mitigation action task must have a unique client request token. If you try to create a new task with the same token as a task that already exists, an exception occurs. If you omit this value, AWS SDKs will automatically generate a unique client request.
This field is autopopulated if not provided.
dict
Response Syntax
{
'taskId': 'string'
}
Response Structure
(dict) --
taskId (string) --
The unique identifier of the task.
Exceptions
Starts an on-demand Device Defender audit.
See also: AWS API Documentation
Request Syntax
response = client.start_on_demand_audit_task(
targetCheckNames=[
'string',
]
)
[REQUIRED]
Which checks are performed during the audit. The checks you specify must be enabled for your account or an exception occurs. Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or UpdateAccountAuditConfiguration to select which checks are enabled.
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
{
'taskId': 'string'
}
Response Structure
The ID of the on-demand audit you started.
Exceptions
Creates a bulk thing provisioning task.
See also: AWS API Documentation
Request Syntax
response = client.start_thing_registration_task(
templateBody='string',
inputFileBucket='string',
inputFileKey='string',
roleArn='string'
)
[REQUIRED]
The provisioning template.
[REQUIRED]
The S3 bucket that contains the input file.
[REQUIRED]
The name of input file within the S3 bucket. This file contains a newline delimited JSON file. Each line contains the parameter values to provision one device (thing).
[REQUIRED]
The IAM role ARN that grants permission the input file.
dict
Response Syntax
{
'taskId': 'string'
}
Response Structure
(dict) --
taskId (string) --
The bulk thing provisioning task ID.
Exceptions
Cancels a bulk thing provisioning task.
See also: AWS API Documentation
Request Syntax
response = client.stop_thing_registration_task(
taskId='string'
)
[REQUIRED]
The bulk thing provisioning task ID.
{}
Response Structure
Exceptions
Adds to or modifies the tags of the given resource. Tags are metadata which can be used to manage a resource.
See also: AWS API Documentation
Request Syntax
response = client.tag_resource(
resourceArn='string',
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The ARN of the resource.
[REQUIRED]
The new or modified tags for the resource.
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{}
Response Structure
Exceptions
Tests if a specified principal is authorized to perform an AWS IoT action on a specified resource. Use this to test and debug the authorization behavior of devices that connect to the AWS IoT device gateway.
See also: AWS API Documentation
Request Syntax
response = client.test_authorization(
principal='string',
cognitoIdentityPoolId='string',
authInfos=[
{
'actionType': 'PUBLISH'|'SUBSCRIBE'|'RECEIVE'|'CONNECT',
'resources': [
'string',
]
},
],
clientId='string',
policyNamesToAdd=[
'string',
],
policyNamesToSkip=[
'string',
]
)
[REQUIRED]
A list of authorization info objects. Simulating authorization will create a response for each authInfo object in the list.
A collection of authorization information.
The type of action for which the principal is being authorized.
The resources for which the principal is being authorized to perform the specified action.
When testing custom authorization, the policies specified here are treated as if they are attached to the principal being authorized.
When testing custom authorization, the policies specified here are treated as if they are not attached to the principal being authorized.
dict
Response Syntax
{
'authResults': [
{
'authInfo': {
'actionType': 'PUBLISH'|'SUBSCRIBE'|'RECEIVE'|'CONNECT',
'resources': [
'string',
]
},
'allowed': {
'policies': [
{
'policyName': 'string',
'policyArn': 'string'
},
]
},
'denied': {
'implicitDeny': {
'policies': [
{
'policyName': 'string',
'policyArn': 'string'
},
]
},
'explicitDeny': {
'policies': [
{
'policyName': 'string',
'policyArn': 'string'
},
]
}
},
'authDecision': 'ALLOWED'|'EXPLICIT_DENY'|'IMPLICIT_DENY',
'missingContextValues': [
'string',
]
},
]
}
Response Structure
(dict) --
authResults (list) --
The authentication results.
(dict) --
The authorizer result.
authInfo (dict) --
Authorization information.
actionType (string) --
The type of action for which the principal is being authorized.
resources (list) --
The resources for which the principal is being authorized to perform the specified action.
allowed (dict) --
The policies and statements that allowed the specified action.
policies (list) --
A list of policies that allowed the authentication.
(dict) --
Describes an AWS IoT policy.
policyName (string) --
The policy name.
policyArn (string) --
The policy ARN.
denied (dict) --
The policies and statements that denied the specified action.
implicitDeny (dict) --
Information that implicitly denies the authorization. When a policy doesn't explicitly deny or allow an action on a resource it is considered an implicit deny.
policies (list) --
Policies that don't contain a matching allow or deny statement for the specified action on the specified resource.
(dict) --
Describes an AWS IoT policy.
policyName (string) --
The policy name.
policyArn (string) --
The policy ARN.
explicitDeny (dict) --
Information that explicitly denies the authorization.
policies (list) --
The policies that denied the authorization.
(dict) --
Describes an AWS IoT policy.
policyName (string) --
The policy name.
policyArn (string) --
The policy ARN.
authDecision (string) --
The final authorization decision of this scenario. Multiple statements are taken into account when determining the authorization decision. An explicit deny statement can override multiple allow statements.
missingContextValues (list) --
Contains any missing context values found while evaluating policy.
Exceptions
Tests a custom authorization behavior by invoking a specified custom authorizer. Use this to test and debug the custom authorization behavior of devices that connect to the AWS IoT device gateway.
See also: AWS API Documentation
Request Syntax
response = client.test_invoke_authorizer(
authorizerName='string',
token='string',
tokenSignature='string',
httpContext={
'headers': {
'string': 'string'
},
'queryString': 'string'
},
mqttContext={
'username': 'string',
'password': b'bytes',
'clientId': 'string'
},
tlsContext={
'serverName': 'string'
}
)
[REQUIRED]
The custom authorizer name.
Specifies a test HTTP authorization request.
The header keys and values in an HTTP authorization request.
The query string keys and values in an HTTP authorization request.
Specifies a test MQTT authorization request.
The value of the username key in an MQTT authorization request.
The value of the password key in an MQTT authorization request.
The value of the clientId key in an MQTT authorization request.
Specifies a test TLS authorization request.
The value of the serverName key in a TLS authorization request.
dict
Response Syntax
{
'isAuthenticated': True|False,
'principalId': 'string',
'policyDocuments': [
'string',
],
'refreshAfterInSeconds': 123,
'disconnectAfterInSeconds': 123
}
Response Structure
(dict) --
isAuthenticated (boolean) --
True if the token is authenticated, otherwise false.
principalId (string) --
The principal ID.
policyDocuments (list) --
IAM policy documents.
refreshAfterInSeconds (integer) --
The number of seconds after which the temporary credentials are refreshed.
disconnectAfterInSeconds (integer) --
The number of seconds after which the connection is terminated.
Exceptions
Transfers the specified certificate to the specified AWS account.
You can cancel the transfer until it is acknowledged by the recipient.
No notification is sent to the transfer destination's account. It is up to the caller to notify the transfer target.
The certificate being transferred must not be in the ACTIVE state. You can use the UpdateCertificate API to deactivate it.
The certificate must not have any policies attached to it. You can use the DetachPrincipalPolicy API to detach them.
See also: AWS API Documentation
Request Syntax
response = client.transfer_certificate(
certificateId='string',
targetAwsAccount='string',
transferMessage='string'
)
[REQUIRED]
The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)
[REQUIRED]
The AWS account.
dict
Response Syntax
{
'transferredCertificateArn': 'string'
}
Response Structure
(dict) --
The output from the TransferCertificate operation.
transferredCertificateArn (string) --
The ARN of the certificate.
Exceptions
Removes the given tags (metadata) from the resource.
See also: AWS API Documentation
Request Syntax
response = client.untag_resource(
resourceArn='string',
tagKeys=[
'string',
]
)
[REQUIRED]
The ARN of the resource.
[REQUIRED]
A list of the keys of the tags to be removed from the resource.
dict
Response Syntax
{}
Response Structure
Exceptions
Configures or reconfigures the Device Defender audit settings for this account. Settings include how audit notifications are sent and which audit checks are enabled or disabled.
See also: AWS API Documentation
Request Syntax
response = client.update_account_audit_configuration(
roleArn='string',
auditNotificationTargetConfigurations={
'string': {
'targetArn': 'string',
'roleArn': 'string',
'enabled': True|False
}
},
auditCheckConfigurations={
'string': {
'enabled': True|False
}
}
)
Information about the targets to which audit notifications are sent.
Information about the targets to which audit notifications are sent.
The ARN of the target (SNS topic) to which audit notifications are sent.
The ARN of the role that grants permission to send notifications to the target.
True if notifications to the target are enabled.
Specifies which audit checks are enabled and disabled for this account. Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are currently enabled.
Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted.
You cannot disable a check if it's used by any scheduled audit. You must first delete the check from the scheduled audit or delete the scheduled audit itself.
On the first call to UpdateAccountAuditConfiguration , this parameter is required and must specify at least one enabled check.
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
Which audit checks are enabled and disabled for this account.
True if this audit check is enabled for this account.
dict
Response Syntax
{}
Response Structure
Exceptions
Updates a Device Defender audit suppression.
See also: AWS API Documentation
Request Syntax
response = client.update_audit_suppression(
checkName='string',
resourceIdentifier={
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string'
},
expirationDate=datetime(2015, 1, 1),
suppressIndefinitely=True|False,
description='string'
)
[REQUIRED]
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
[REQUIRED]
Information that identifies the noncompliant resource.
The ID of the certificate attached to the resource.
The ID of the CA certificate used to authorize the certificate.
The ID of the Amazon Cognito identity pool.
The client ID.
The version of the policy associated with the resource.
The name of the policy.
The ID of the version of the policy associated with the resource.
The account with which the resource is associated.
The ARN of the IAM role that has overly permissive actions.
The ARN of the role alias that has overly permissive actions.
dict
Response Syntax
{}
Response Structure
Exceptions
Updates an authorizer.
See also: AWS API Documentation
Request Syntax
response = client.update_authorizer(
authorizerName='string',
authorizerFunctionArn='string',
tokenKeyName='string',
tokenSigningPublicKeys={
'string': 'string'
},
status='ACTIVE'|'INACTIVE'
)
[REQUIRED]
The authorizer name.
The public keys used to verify the token signature.
dict
Response Syntax
{
'authorizerName': 'string',
'authorizerArn': 'string'
}
Response Structure
(dict) --
authorizerName (string) --
The authorizer name.
authorizerArn (string) --
The authorizer ARN.
Exceptions
Updates information about the billing group.
See also: AWS API Documentation
Request Syntax
response = client.update_billing_group(
billingGroupName='string',
billingGroupProperties={
'billingGroupDescription': 'string'
},
expectedVersion=123
)
[REQUIRED]
The name of the billing group.
[REQUIRED]
The properties of the billing group.
The description of the billing group.
dict
Response Syntax
{
'version': 123
}
Response Structure
(dict) --
version (integer) --
The latest version of the billing group.
Exceptions
Updates a registered CA certificate.
See also: AWS API Documentation
Request Syntax
response = client.update_ca_certificate(
certificateId='string',
newStatus='ACTIVE'|'INACTIVE',
newAutoRegistrationStatus='ENABLE'|'DISABLE',
registrationConfig={
'templateBody': 'string',
'roleArn': 'string'
},
removeAutoRegistration=True|False
)
[REQUIRED]
The CA certificate identifier.
The updated status of the CA certificate.
Note: The status value REGISTER_INACTIVE is deprecated and should not be used.
Information about the registration configuration.
The template body.
The ARN of the role.
None
Exceptions
Updates the status of the specified certificate. This operation is idempotent.
Certificates must be in the ACTIVE state to authenticate devices that use a certificate to connect to AWS IoT.
Within a few minutes of updating a certificate from the ACTIVE state to any other state, AWS IoT disconnects all devices that used that certificate to connect. Devices cannot use a certificate that is not in the ACTIVE state to reconnect.
See also: AWS API Documentation
Request Syntax
response = client.update_certificate(
certificateId='string',
newStatus='ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION'
)
[REQUIRED]
The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)
[REQUIRED]
The new status.
Note: Setting the status to PENDING_TRANSFER or PENDING_ACTIVATION will result in an exception being thrown. PENDING_TRANSFER and PENDING_ACTIVATION are statuses used internally by AWS IoT. They are not intended for developer use.Note: The status value REGISTER_INACTIVE is deprecated and should not be used.
None
Exceptions
Updates a Device Defender detect custom metric.
See also: AWS API Documentation
Request Syntax
response = client.update_custom_metric(
metricName='string',
displayName='string'
)
[REQUIRED]
The name of the custom metric. Cannot be updated.
[REQUIRED]
Field represents a friendly name in the console for the custom metric, it doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. Can be updated.
dict
Response Syntax
{
'metricName': 'string',
'metricArn': 'string',
'metricType': 'string-list'|'ip-address-list'|'number-list'|'number',
'displayName': 'string',
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
metricName (string) --
The name of the custom metric.
metricArn (string) --
The Amazon Resource Number (ARN) of the custom metric.
metricType (string) --
The type of the custom metric. Types include string-list , ip-address-list , number-list , and number .
displayName (string) --
A friendly name in the console for the custom metric
creationDate (datetime) --
The creation date of the custom metric in milliseconds since epoch.
lastModifiedDate (datetime) --
The time the custom metric was last modified in milliseconds since epoch.
Exceptions
Updates the definition for a dimension. You cannot change the type of a dimension after it is created (you can delete it and recreate it).
See also: AWS API Documentation
Request Syntax
response = client.update_dimension(
name='string',
stringValues=[
'string',
]
)
[REQUIRED]
A unique identifier for the dimension. Choose something that describes the type and value to make it easy to remember what it does.
[REQUIRED]
Specifies the value or list of values for the dimension. For TOPIC_FILTER dimensions, this is a pattern used to match the MQTT topic (for example, "admin/#").
dict
Response Syntax
{
'name': 'string',
'arn': 'string',
'type': 'TOPIC_FILTER',
'stringValues': [
'string',
],
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
name (string) --
A unique identifier for the dimension.
arn (string) --
The Amazon Resource Name (ARN)of the created dimension.
type (string) --
The type of the dimension.
stringValues (list) --
The value or list of values used to scope the dimension. For example, for topic filters, this is the pattern used to match the MQTT topic name.
creationDate (datetime) --
The date and time, in milliseconds since epoch, when the dimension was initially created.
lastModifiedDate (datetime) --
The date and time, in milliseconds since epoch, when the dimension was most recently updated.
Exceptions
Updates values stored in the domain configuration. Domain configurations for default endpoints can't be updated.
See also: AWS API Documentation
Request Syntax
response = client.update_domain_configuration(
domainConfigurationName='string',
authorizerConfig={
'defaultAuthorizerName': 'string',
'allowAuthorizerOverride': True|False
},
domainConfigurationStatus='ENABLED'|'DISABLED',
removeAuthorizerConfig=True|False
)
[REQUIRED]
The name of the domain configuration to be updated.
An object that specifies the authorization service for a domain.
The name of the authorization service for a domain configuration.
A Boolean that specifies whether the domain configuration's authorization service can be overridden.
dict
Response Syntax
{
'domainConfigurationName': 'string',
'domainConfigurationArn': 'string'
}
Response Structure
(dict) --
domainConfigurationName (string) --
The name of the domain configuration that was updated.
domainConfigurationArn (string) --
The ARN of the domain configuration that was updated.
Exceptions
Updates a dynamic thing group.
See also: AWS API Documentation
Request Syntax
response = client.update_dynamic_thing_group(
thingGroupName='string',
thingGroupProperties={
'thingGroupDescription': 'string',
'attributePayload': {
'attributes': {
'string': 'string'
},
'merge': True|False
}
},
expectedVersion=123,
indexName='string',
queryString='string',
queryVersion='string'
)
[REQUIRED]
The name of the dynamic thing group to update.
[REQUIRED]
The dynamic thing group properties to update.
The thing group description.
The thing group attributes in JSON format.
A JSON string containing up to three key-value pair in JSON format. For example:
{\"attributes\":{\"string1\":\"string2\"}}
Specifies whether the list of attributes provided in the AttributePayload is merged with the attributes stored in the registry, instead of overwriting them.
To remove an attribute, call UpdateThing with an empty attribute value.
Note
The merge attribute is only valid when calling UpdateThing or UpdateThingGroup .
The dynamic thing group index to update.
Note
Currently one index is supported: 'AWS_Things'.
The dynamic thing group query version to update.
Note
Currently one query version is supported: "2017-09-30". If not specified, the query version defaults to this value.
dict
Response Syntax
{
'version': 123
}
Response Structure
(dict) --
version (integer) --
The dynamic thing group version.
Exceptions
Updates the event configurations.
See also: AWS API Documentation
Request Syntax
response = client.update_event_configurations(
eventConfigurations={
'string': {
'Enabled': True|False
}
}
)
The new event configuration values.
Configuration.
True to enable the configuration.
{}
Response Structure
Exceptions
Updates the search configuration.
See also: AWS API Documentation
Request Syntax
response = client.update_indexing_configuration(
thingIndexingConfiguration={
'thingIndexingMode': 'OFF'|'REGISTRY'|'REGISTRY_AND_SHADOW',
'thingConnectivityIndexingMode': 'OFF'|'STATUS',
'managedFields': [
{
'name': 'string',
'type': 'Number'|'String'|'Boolean'
},
],
'customFields': [
{
'name': 'string',
'type': 'Number'|'String'|'Boolean'
},
]
},
thingGroupIndexingConfiguration={
'thingGroupIndexingMode': 'OFF'|'ON',
'managedFields': [
{
'name': 'string',
'type': 'Number'|'String'|'Boolean'
},
],
'customFields': [
{
'name': 'string',
'type': 'Number'|'String'|'Boolean'
},
]
}
)
Thing indexing configuration.
Thing indexing mode. Valid values are:
Thing connectivity indexing mode. Valid values are:
Contains fields that are indexed and whose types are already known by the Fleet Indexing service.
Describes the name and data type at a field.
The name of the field.
The datatype of the field.
Contains custom field names and their data type.
Describes the name and data type at a field.
The name of the field.
The datatype of the field.
Thing group indexing configuration.
Thing group indexing mode.
Contains fields that are indexed and whose types are already known by the Fleet Indexing service.
Describes the name and data type at a field.
The name of the field.
The datatype of the field.
A list of thing group fields to index. This list cannot contain any managed fields. Use the GetIndexingConfiguration API to get a list of managed fields.
Contains custom field names and their data type.
Describes the name and data type at a field.
The name of the field.
The datatype of the field.
dict
Response Syntax
{}
Response Structure
Exceptions
Updates supported fields of the specified job.
See also: AWS API Documentation
Request Syntax
response = client.update_job(
jobId='string',
description='string',
presignedUrlConfig={
'roleArn': 'string',
'expiresInSec': 123
},
jobExecutionsRolloutConfig={
'maximumPerMinute': 123,
'exponentialRate': {
'baseRatePerMinute': 123,
'incrementFactor': 123.0,
'rateIncreaseCriteria': {
'numberOfNotifiedThings': 123,
'numberOfSucceededThings': 123
}
}
},
abortConfig={
'criteriaList': [
{
'failureType': 'FAILED'|'REJECTED'|'TIMED_OUT'|'ALL',
'action': 'CANCEL',
'thresholdPercentage': 123.0,
'minNumberOfExecutedThings': 123
},
]
},
timeoutConfig={
'inProgressTimeoutInMinutes': 123
},
namespaceId='string'
)
[REQUIRED]
The ID of the job to be updated.
Configuration information for pre-signed S3 URLs.
The ARN of an IAM role that grants grants permission to download files from the S3 bucket where the job data/updates are stored. The role must also grant permission for IoT to download the files.
How long (in seconds) pre-signed URLs are valid. Valid values are 60 - 3600, the default value is 3600 seconds. Pre-signed URLs are generated when Jobs receives an MQTT request for the job document.
Allows you to create a staged rollout of the job.
The maximum number of things that will be notified of a pending job, per minute. This parameter allows you to create a staged rollout.
The rate of increase for a job rollout. This parameter allows you to define an exponential rate for a job rollout.
The minimum number of things that will be notified of a pending job, per minute at the start of job rollout. This parameter allows you to define the initial rate of rollout.
The exponential factor to increase the rate of rollout for a job.
AWS IoT supports up to one digit after the decimal (for example, 1.5, but not 1.55).
The criteria to initiate the increase in rate of rollout for a job.
The threshold for number of notified things that will initiate the increase in rate of rollout.
The threshold for number of succeeded things that will initiate the increase in rate of rollout.
Allows you to create criteria to abort a job.
The list of criteria that determine when and how to abort the job.
The criteria that determine when and how a job abort takes place.
The type of job execution failures that can initiate a job abort.
The type of job action to take to initiate the job abort.
The minimum percentage of job execution failures that must occur to initiate the job abort.
AWS IoT supports up to two digits after the decimal (for example, 10.9 and 10.99, but not 10.999).
The minimum number of things which must receive job execution notifications before the job can be aborted.
Specifies the amount of time each device has to finish its execution of the job. The timer is started when the job execution status is set to IN_PROGRESS . If the job execution status is not set to another terminal state before the time expires, it will be automatically set to TIMED_OUT .
Specifies the amount of time, in minutes, this device has to finish execution of this job. The timeout interval can be anywhere between 1 minute and 7 days (1 to 10080 minutes). The in progress timer can't be updated and will apply to all job executions for the job. Whenever a job execution remains in the IN_PROGRESS status for longer than this interval, the job execution will fail and switch to the terminal TIMED_OUT status.
The namespace used to indicate that a job is a customer-managed job.
When you specify a value for this parameter, AWS IoT Core sends jobs notifications to MQTT topics that contain the value in the following format.
$aws/things/*THING_NAME* /jobs/*JOB_ID* /notify-namespace-*NAMESPACE_ID* /
Note
The namespaceId feature is in public preview.
None
Exceptions
Updates the definition for the specified mitigation action.
See also: AWS API Documentation
Request Syntax
response = client.update_mitigation_action(
actionName='string',
roleArn='string',
actionParams={
'updateDeviceCertificateParams': {
'action': 'DEACTIVATE'
},
'updateCACertificateParams': {
'action': 'DEACTIVATE'
},
'addThingsToThingGroupParams': {
'thingGroupNames': [
'string',
],
'overrideDynamicGroups': True|False
},
'replaceDefaultPolicyVersionParams': {
'templateName': 'BLANK_POLICY'
},
'enableIoTLoggingParams': {
'roleArnForLogging': 'string',
'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
},
'publishFindingToSnsParams': {
'topicArn': 'string'
}
}
)
[REQUIRED]
The friendly name for the mitigation action. You cannot change the name by using UpdateMitigationAction . Instead, you must delete and recreate the mitigation action with the new name.
Defines the type of action and the parameters for that action.
Parameters to define a mitigation action that changes the state of the device certificate to inactive.
The action that you want to apply to the device certificate. The only supported value is DEACTIVATE .
Parameters to define a mitigation action that changes the state of the CA certificate to inactive.
The action that you want to apply to the CA certificate. The only supported value is DEACTIVATE .
Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.
The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you can't add a thing to more than one group in the same hierarchy.
Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.
Parameters to define a mitigation action that adds a blank policy to restrict permissions.
The name of the template to be applied. The only supported value is BLANK_POLICY .
Parameters to define a mitigation action that enables AWS IoT logging at a specified level of detail.
The Amazon Resource Name (ARN) of the IAM role used for logging.
Specifies the type of information to be logged.
Parameters to define a mitigation action that publishes findings to Amazon Simple Notification Service (Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.
The ARN of the topic to which you want to publish the findings.
dict
Response Syntax
{
'actionArn': 'string',
'actionId': 'string'
}
Response Structure
(dict) --
actionArn (string) --
The ARN for the new mitigation action.
actionId (string) --
A unique identifier for the mitigation action.
Exceptions
Updates a fleet provisioning template.
See also: AWS API Documentation
Request Syntax
response = client.update_provisioning_template(
templateName='string',
description='string',
enabled=True|False,
defaultVersionId=123,
provisioningRoleArn='string',
preProvisioningHook={
'payloadVersion': 'string',
'targetArn': 'string'
},
removePreProvisioningHook=True|False
)
[REQUIRED]
The name of the fleet provisioning template.
Updates the pre-provisioning hook template.
The payload that was sent to the target function.
Note: Only Lambda functions are currently supported.
The ARN of the target function.
Note: Only Lambda functions are currently supported.
dict
Response Syntax
{}
Response Structure
Exceptions
Updates a role alias.
See also: AWS API Documentation
Request Syntax
response = client.update_role_alias(
roleAlias='string',
roleArn='string',
credentialDurationSeconds=123
)
[REQUIRED]
The role alias to update.
dict
Response Syntax
{
'roleAlias': 'string',
'roleAliasArn': 'string'
}
Response Structure
(dict) --
roleAlias (string) --
The role alias.
roleAliasArn (string) --
The role alias ARN.
Exceptions
Updates a scheduled audit, including which checks are performed and how often the audit takes place.
See also: AWS API Documentation
Request Syntax
response = client.update_scheduled_audit(
frequency='DAILY'|'WEEKLY'|'BIWEEKLY'|'MONTHLY',
dayOfMonth='string',
dayOfWeek='SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT',
targetCheckNames=[
'string',
],
scheduledAuditName='string'
)
Which checks are performed during the scheduled audit. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
[REQUIRED]
The name of the scheduled audit. (Max. 128 chars)
dict
Response Syntax
{
'scheduledAuditArn': 'string'
}
Response Structure
(dict) --
scheduledAuditArn (string) --
The ARN of the scheduled audit.
Exceptions
Updates a Device Defender security profile.
See also: AWS API Documentation
Request Syntax
response = client.update_security_profile(
securityProfileName='string',
securityProfileDescription='string',
behaviors=[
{
'name': 'string',
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
},
'criteria': {
'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set'|'in-set'|'not-in-set',
'value': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'durationSeconds': 123,
'consecutiveDatapointsToAlarm': 123,
'consecutiveDatapointsToClear': 123,
'statisticalThreshold': {
'statistic': 'string'
},
'mlDetectionConfig': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
}
},
'suppressAlerts': True|False
},
],
alertTargets={
'string': {
'alertTargetArn': 'string',
'roleArn': 'string'
}
},
additionalMetricsToRetain=[
'string',
],
additionalMetricsToRetainV2=[
{
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
}
},
],
deleteBehaviors=True|False,
deleteAlertTargets=True|False,
deleteAdditionalMetricsToRetain=True|False,
expectedVersion=123
)
[REQUIRED]
The name of the security profile you want to update.
Specifies the behaviors that, when violated by a device (thing), cause an alert.
A Device Defender security profile behavior.
The name you've given to the behavior.
What is measured by the behavior.
The dimension for a metric in your behavior. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. This can't be used with custom metrics.
A unique identifier for the dimension.
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
The criteria that determine if a device is behaving normally in regard to the metric .
The operator that relates the thing measured (metric ) to the criteria (containing a value or statisticalThreshold ). Valid operators include:
The value to be compared with the metric .
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
The numeral value of a metric.
The numeral values of a metric.
The string values of a metric.
Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, NUM_MESSAGES_SENT ). For a statisticalThreshhold metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes.
If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.
If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.
A statistical ranking (percentile)that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior.
The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period (durationSeconds ) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below (comparisonOperator ) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs.
The configuration of an ML Detect
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
Suppresses alerts.
Where the alerts are sent. (Alerts are always sent to the console.)
The type of alert target: one of "SNS".
A structure containing the alert target ARN and the role ARN.
The Amazon Resource Name (ARN) of the notification target to which alerts are sent.
The ARN of the role that grants permission to send alerts to the notification target.
Please use UpdateSecurityProfileRequest$additionalMetricsToRetainV2 instead.
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors , but it is also retained for any metric specified here. Can be used with custom metrics; cannot be used with dimensions.
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors, but it is also retained for any metric specified here. Can be used with custom metrics; cannot be used with dimensions.
The metric you want to retain. Dimensions are optional.
What is measured by the behavior.
The dimension of a metric. This can't be used with custom metrics.
A unique identifier for the dimension.
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
dict
Response Syntax
{
'securityProfileName': 'string',
'securityProfileArn': 'string',
'securityProfileDescription': 'string',
'behaviors': [
{
'name': 'string',
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
},
'criteria': {
'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set'|'in-set'|'not-in-set',
'value': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'durationSeconds': 123,
'consecutiveDatapointsToAlarm': 123,
'consecutiveDatapointsToClear': 123,
'statisticalThreshold': {
'statistic': 'string'
},
'mlDetectionConfig': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
}
},
'suppressAlerts': True|False
},
],
'alertTargets': {
'string': {
'alertTargetArn': 'string',
'roleArn': 'string'
}
},
'additionalMetricsToRetain': [
'string',
],
'additionalMetricsToRetainV2': [
{
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
}
},
],
'version': 123,
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
securityProfileName (string) --
The name of the security profile that was updated.
securityProfileArn (string) --
The ARN of the security profile that was updated.
securityProfileDescription (string) --
The description of the security profile.
behaviors (list) --
Specifies the behaviors that, when violated by a device (thing), cause an alert.
(dict) --
A Device Defender security profile behavior.
name (string) --
The name you've given to the behavior.
metric (string) --
What is measured by the behavior.
metricDimension (dict) --
The dimension for a metric in your behavior. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. This can't be used with custom metrics.
dimensionName (string) --
A unique identifier for the dimension.
operator (string) --
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
criteria (dict) --
The criteria that determine if a device is behaving normally in regard to the metric .
comparisonOperator (string) --
The operator that relates the thing measured (metric ) to the criteria (containing a value or statisticalThreshold ). Valid operators include:
value (dict) --
The value to be compared with the metric .
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
strings (list) --
The string values of a metric.
durationSeconds (integer) --
Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, NUM_MESSAGES_SENT ). For a statisticalThreshhold metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes.
consecutiveDatapointsToAlarm (integer) --
If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.
consecutiveDatapointsToClear (integer) --
If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.
statisticalThreshold (dict) --
A statistical ranking (percentile)that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior.
statistic (string) --
The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period (durationSeconds ) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below (comparisonOperator ) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs.
mlDetectionConfig (dict) --
The configuration of an ML Detect
confidenceLevel (string) --
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
suppressAlerts (boolean) --
Suppresses alerts.
alertTargets (dict) --
Where the alerts are sent. (Alerts are always sent to the console.)
(string) --
The type of alert target: one of "SNS".
(dict) --
A structure containing the alert target ARN and the role ARN.
alertTargetArn (string) --
The Amazon Resource Name (ARN) of the notification target to which alerts are sent.
roleArn (string) --
The ARN of the role that grants permission to send alerts to the notification target.
additionalMetricsToRetain (list) --
Please use UpdateSecurityProfileResponse$additionalMetricsToRetainV2 instead.
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the security profile's behaviors , but it is also retained for any metric specified here.
additionalMetricsToRetainV2 (list) --
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors, but it is also retained for any metric specified here. Can be used with custom metrics; cannot be used with dimensions.
(dict) --
The metric you want to retain. Dimensions are optional.
metric (string) --
What is measured by the behavior.
metricDimension (dict) --
The dimension of a metric. This can't be used with custom metrics.
dimensionName (string) --
A unique identifier for the dimension.
operator (string) --
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
version (integer) --
The updated version of the security profile.
creationDate (datetime) --
The time the security profile was created.
lastModifiedDate (datetime) --
The time the security profile was last modified.
Exceptions
Updates an existing stream. The stream version will be incremented by one.
See also: AWS API Documentation
Request Syntax
response = client.update_stream(
streamId='string',
description='string',
files=[
{
'fileId': 123,
's3Location': {
'bucket': 'string',
'key': 'string',
'version': 'string'
}
},
],
roleArn='string'
)
[REQUIRED]
The stream ID.
The files associated with the stream.
Represents a file to stream.
The file ID.
The location of the file in S3.
The S3 bucket.
The S3 key.
The S3 bucket version.
dict
Response Syntax
{
'streamId': 'string',
'streamArn': 'string',
'description': 'string',
'streamVersion': 123
}
Response Structure
(dict) --
streamId (string) --
The stream ID.
streamArn (string) --
The stream ARN.
description (string) --
A description of the stream.
streamVersion (integer) --
The stream version.
Exceptions
Updates the data for a thing.
See also: AWS API Documentation
Request Syntax
response = client.update_thing(
thingName='string',
thingTypeName='string',
attributePayload={
'attributes': {
'string': 'string'
},
'merge': True|False
},
expectedVersion=123,
removeThingType=True|False
)
[REQUIRED]
The name of the thing to update.
You can't change a thing's name. To change a thing's name, you must create a new thing, give it the new name, and then delete the old thing.
A list of thing attributes, a JSON string containing name-value pairs. For example:
{\"attributes\":{\"name1\":\"value2\"}}
This data is used to add new attributes or update existing attributes.
A JSON string containing up to three key-value pair in JSON format. For example:
{\"attributes\":{\"string1\":\"string2\"}}
Specifies whether the list of attributes provided in the AttributePayload is merged with the attributes stored in the registry, instead of overwriting them.
To remove an attribute, call UpdateThing with an empty attribute value.
Note
The merge attribute is only valid when calling UpdateThing or UpdateThingGroup .
dict
Response Syntax
{}
Response Structure
(dict) --
The output from the UpdateThing operation.
Exceptions
Update a thing group.
See also: AWS API Documentation
Request Syntax
response = client.update_thing_group(
thingGroupName='string',
thingGroupProperties={
'thingGroupDescription': 'string',
'attributePayload': {
'attributes': {
'string': 'string'
},
'merge': True|False
}
},
expectedVersion=123
)
[REQUIRED]
The thing group to update.
[REQUIRED]
The thing group properties.
The thing group description.
The thing group attributes in JSON format.
A JSON string containing up to three key-value pair in JSON format. For example:
{\"attributes\":{\"string1\":\"string2\"}}
Specifies whether the list of attributes provided in the AttributePayload is merged with the attributes stored in the registry, instead of overwriting them.
To remove an attribute, call UpdateThing with an empty attribute value.
Note
The merge attribute is only valid when calling UpdateThing or UpdateThingGroup .
dict
Response Syntax
{
'version': 123
}
Response Structure
(dict) --
version (integer) --
The version of the updated thing group.
Exceptions
Updates the groups to which the thing belongs.
See also: AWS API Documentation
Request Syntax
response = client.update_thing_groups_for_thing(
thingName='string',
thingGroupsToAdd=[
'string',
],
thingGroupsToRemove=[
'string',
],
overrideDynamicGroups=True|False
)
The groups to which the thing will be added.
The groups from which the thing will be removed.
dict
Response Syntax
{}
Response Structure
Exceptions
Updates a topic rule destination. You use this to change the status, endpoint URL, or confirmation URL of the destination.
See also: AWS API Documentation
Request Syntax
response = client.update_topic_rule_destination(
arn='string',
status='ENABLED'|'IN_PROGRESS'|'DISABLED'|'ERROR'|'DELETING'
)
[REQUIRED]
The ARN of the topic rule destination.
[REQUIRED]
The status of the topic rule destination. Valid values are:
IN_PROGRESS
A topic rule destination was created but has not been confirmed. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
ENABLED
Confirmation was completed, and traffic to this destination is allowed. You can set status to DISABLED by calling UpdateTopicRuleDestination .
DISABLED
Confirmation was completed, and traffic to this destination is not allowed. You can set status to ENABLED by calling UpdateTopicRuleDestination .
ERROR
Confirmation could not be completed, for example if the confirmation timed out. You can call GetTopicRuleDestination for details about the error. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
dict
Response Syntax
{}
Response Structure
Exceptions
Validates a Device Defender security profile behaviors specification.
See also: AWS API Documentation
Request Syntax
response = client.validate_security_profile_behaviors(
behaviors=[
{
'name': 'string',
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
},
'criteria': {
'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set'|'in-set'|'not-in-set',
'value': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'durationSeconds': 123,
'consecutiveDatapointsToAlarm': 123,
'consecutiveDatapointsToClear': 123,
'statisticalThreshold': {
'statistic': 'string'
},
'mlDetectionConfig': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
}
},
'suppressAlerts': True|False
},
]
)
[REQUIRED]
Specifies the behaviors that, when violated by a device (thing), cause an alert.
A Device Defender security profile behavior.
The name you've given to the behavior.
What is measured by the behavior.
The dimension for a metric in your behavior. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. This can't be used with custom metrics.
A unique identifier for the dimension.
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
The criteria that determine if a device is behaving normally in regard to the metric .
The operator that relates the thing measured (metric ) to the criteria (containing a value or statisticalThreshold ). Valid operators include:
The value to be compared with the metric .
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
The numeral value of a metric.
The numeral values of a metric.
The string values of a metric.
Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, NUM_MESSAGES_SENT ). For a statisticalThreshhold metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes.
If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.
If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.
A statistical ranking (percentile)that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior.
The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period (durationSeconds ) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below (comparisonOperator ) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs.
The configuration of an ML Detect
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
Suppresses alerts.
{
'valid': True|False,
'validationErrors': [
{
'errorMessage': 'string'
},
]
}
Response Structure
True if the behaviors were valid.
The list of any errors found in the behaviors.
Information about an error found in a behavior specification.
The description of an error found in the behaviors.
Exceptions
The available paginators are:
paginator = client.get_paginator('get_behavior_model_training_summaries')
Creates an iterator that will paginate through responses from IoT.Client.get_behavior_model_training_summaries().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
securityProfileName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'summaries': [
{
'securityProfileName': 'string',
'behaviorName': 'string',
'trainingDataCollectionStartDate': datetime(2015, 1, 1),
'modelStatus': 'PENDING_BUILD'|'ACTIVE'|'EXPIRED',
'datapointsCollectionPercentage': 123.0,
'lastModelRefreshDate': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
summaries (list) --
A list of all ML Detect behaviors and their model status for a given Security Profile.
(dict) --
The summary of an ML Detect behavior model.
securityProfileName (string) --
The name of the security profile.
behaviorName (string) --
The name of the behavior.
trainingDataCollectionStartDate (datetime) --
The date a training model started collecting data.
modelStatus (string) --
The status of the behavior model.
datapointsCollectionPercentage (float) --
The percentage of datapoints collected.
lastModelRefreshDate (datetime) --
The date the model was last refreshed.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_active_violations')
Creates an iterator that will paginate through responses from IoT.Client.list_active_violations().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
thingName='string',
securityProfileName='string',
behaviorCriteriaType='STATIC'|'STATISTICAL'|'MACHINE_LEARNING',
listSuppressedAlerts=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'activeViolations': [
{
'violationId': 'string',
'thingName': 'string',
'securityProfileName': 'string',
'behavior': {
'name': 'string',
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
},
'criteria': {
'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set'|'in-set'|'not-in-set',
'value': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'durationSeconds': 123,
'consecutiveDatapointsToAlarm': 123,
'consecutiveDatapointsToClear': 123,
'statisticalThreshold': {
'statistic': 'string'
},
'mlDetectionConfig': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
}
},
'suppressAlerts': True|False
},
'lastViolationValue': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'violationEventAdditionalInfo': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
},
'lastViolationTime': datetime(2015, 1, 1),
'violationStartTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
activeViolations (list) --
The list of active violations.
(dict) --
Information about an active Device Defender security profile behavior violation.
violationId (string) --
The ID of the active violation.
thingName (string) --
The name of the thing responsible for the active violation.
securityProfileName (string) --
The security profile with the behavior is in violation.
behavior (dict) --
The behavior that is being violated.
name (string) --
The name you've given to the behavior.
metric (string) --
What is measured by the behavior.
metricDimension (dict) --
The dimension for a metric in your behavior. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. This can't be used with custom metrics.
dimensionName (string) --
A unique identifier for the dimension.
operator (string) --
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
criteria (dict) --
The criteria that determine if a device is behaving normally in regard to the metric .
comparisonOperator (string) --
The operator that relates the thing measured (metric ) to the criteria (containing a value or statisticalThreshold ). Valid operators include:
value (dict) --
The value to be compared with the metric .
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
strings (list) --
The string values of a metric.
durationSeconds (integer) --
Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, NUM_MESSAGES_SENT ). For a statisticalThreshhold metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes.
consecutiveDatapointsToAlarm (integer) --
If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.
consecutiveDatapointsToClear (integer) --
If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.
statisticalThreshold (dict) --
A statistical ranking (percentile)that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior.
statistic (string) --
The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period (durationSeconds ) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below (comparisonOperator ) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs.
mlDetectionConfig (dict) --
The configuration of an ML Detect
confidenceLevel (string) --
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
suppressAlerts (boolean) --
Suppresses alerts.
lastViolationValue (dict) --
The value of the metric (the measurement) that caused the most recent violation.
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
strings (list) --
The string values of a metric.
violationEventAdditionalInfo (dict) --
The details of a violation event.
confidenceLevel (string) --
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
lastViolationTime (datetime) --
The time the most recent violation occurred.
violationStartTime (datetime) --
The time the violation started.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_attached_policies')
Creates an iterator that will paginate through responses from IoT.Client.list_attached_policies().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
target='string',
recursive=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The group or principal for which the policies will be listed. Valid principals are CertificateArn (arn:aws:iot:region :accountId :cert/certificateId ), thingGroupArn (arn:aws:iot:region :accountId :thinggroup/groupName ) and CognitoId (region :id ).
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'policies': [
{
'policyName': 'string',
'policyArn': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
policies (list) --
The policies.
(dict) --
Describes an AWS IoT policy.
policyName (string) --
The policy name.
policyArn (string) --
The policy ARN.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_audit_findings')
Creates an iterator that will paginate through responses from IoT.Client.list_audit_findings().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
taskId='string',
checkName='string',
resourceIdentifier={
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string'
},
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1),
listSuppressedFindings=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Information identifying the noncompliant resource.
The ID of the certificate attached to the resource.
The ID of the CA certificate used to authorize the certificate.
The ID of the Amazon Cognito identity pool.
The client ID.
The version of the policy associated with the resource.
The name of the policy.
The ID of the version of the policy associated with the resource.
The account with which the resource is associated.
The ARN of the IAM role that has overly permissive actions.
The ARN of the role alias that has overly permissive actions.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'findings': [
{
'findingId': 'string',
'taskId': 'string',
'checkName': 'string',
'taskStartTime': datetime(2015, 1, 1),
'findingTime': datetime(2015, 1, 1),
'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW',
'nonCompliantResource': {
'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE',
'resourceIdentifier': {
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string'
},
'additionalInfo': {
'string': 'string'
}
},
'relatedResources': [
{
'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE',
'resourceIdentifier': {
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string'
},
'additionalInfo': {
'string': 'string'
}
},
],
'reasonForNonCompliance': 'string',
'reasonForNonComplianceCode': 'string',
'isSuppressed': True|False
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
findings (list) --
The findings (results) of the audit.
(dict) --
The findings (results) of the audit.
findingId (string) --
A unique identifier for this set of audit findings. This identifier is used to apply mitigation tasks to one or more sets of findings.
taskId (string) --
The ID of the audit that generated this result (finding).
checkName (string) --
The audit check that generated this result.
taskStartTime (datetime) --
The time the audit started.
findingTime (datetime) --
The time the result (finding) was discovered.
severity (string) --
The severity of the result (finding).
nonCompliantResource (dict) --
The resource that was found to be noncompliant with the audit check.
resourceType (string) --
The type of the noncompliant resource.
resourceIdentifier (dict) --
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
additionalInfo (dict) --
Other information about the noncompliant resource.
relatedResources (list) --
The list of related resources.
(dict) --
Information about a related resource.
resourceType (string) --
The type of resource.
resourceIdentifier (dict) --
Information that identifies the resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
additionalInfo (dict) --
Other information about the resource.
reasonForNonCompliance (string) --
The reason the resource was noncompliant.
reasonForNonComplianceCode (string) --
A code that indicates the reason that the resource was noncompliant.
isSuppressed (boolean) --
Indicates whether the audit finding was suppressed or not during reporting.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_audit_mitigation_actions_executions')
Creates an iterator that will paginate through responses from IoT.Client.list_audit_mitigation_actions_executions().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
taskId='string',
actionStatus='IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED'|'SKIPPED'|'PENDING',
findingId='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
Specify this filter to limit results to actions for a specific audit mitigation actions task.
[REQUIRED]
Specify this filter to limit results to those that were applied to a specific audit finding.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'actionsExecutions': [
{
'taskId': 'string',
'findingId': 'string',
'actionName': 'string',
'actionId': 'string',
'status': 'IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED'|'SKIPPED'|'PENDING',
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'errorCode': 'string',
'message': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
actionsExecutions (list) --
A set of task execution results based on the input parameters. Details include the mitigation action applied, start time, and task status.
(dict) --
Returned by ListAuditMitigationActionsTask, this object contains information that describes a mitigation action that has been started.
taskId (string) --
The unique identifier for the task that applies the mitigation action.
findingId (string) --
The unique identifier for the findings to which the task and associated mitigation action are applied.
actionName (string) --
The friendly name of the mitigation action being applied by the task.
actionId (string) --
The unique identifier for the mitigation action being applied by the task.
status (string) --
The current status of the task being executed.
startTime (datetime) --
The date and time when the task was started.
endTime (datetime) --
The date and time when the task was completed or canceled. Blank if the task is still running.
errorCode (string) --
If an error occurred, the code that indicates which type of error occurred.
message (string) --
If an error occurred, a message that describes the error.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_audit_mitigation_actions_tasks')
Creates an iterator that will paginate through responses from IoT.Client.list_audit_mitigation_actions_tasks().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
auditTaskId='string',
findingId='string',
taskStatus='IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED',
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1),
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
Specify this filter to limit results to tasks that began on or after a specific date and time.
[REQUIRED]
Specify this filter to limit results to tasks that were completed or canceled on or before a specific date and time.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'tasks': [
{
'taskId': 'string',
'startTime': datetime(2015, 1, 1),
'taskStatus': 'IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
tasks (list) --
The collection of audit mitigation tasks that matched the filter criteria.
(dict) --
Information about an audit mitigation actions task that is returned by ListAuditMitigationActionsTasks .
taskId (string) --
The unique identifier for the task.
startTime (datetime) --
The time at which the audit mitigation actions task was started.
taskStatus (string) --
The current state of the audit mitigation actions task.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_audit_suppressions')
Creates an iterator that will paginate through responses from IoT.Client.list_audit_suppressions().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
checkName='string',
resourceIdentifier={
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string'
},
ascendingOrder=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Information that identifies the noncompliant resource.
The ID of the certificate attached to the resource.
The ID of the CA certificate used to authorize the certificate.
The ID of the Amazon Cognito identity pool.
The client ID.
The version of the policy associated with the resource.
The name of the policy.
The ID of the version of the policy associated with the resource.
The account with which the resource is associated.
The ARN of the IAM role that has overly permissive actions.
The ARN of the role alias that has overly permissive actions.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'suppressions': [
{
'checkName': 'string',
'resourceIdentifier': {
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string'
},
'expirationDate': datetime(2015, 1, 1),
'suppressIndefinitely': True|False,
'description': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
suppressions (list) --
List of audit suppressions.
(dict) --
Filters out specific findings of a Device Defender audit.
checkName (string) --
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
resourceIdentifier (dict) --
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
expirationDate (datetime) --
The expiration date (epoch timestamp in seconds) that you want the suppression to adhere to.
suppressIndefinitely (boolean) --
Indicates whether a suppression should exist indefinitely or not.
description (string) --
The description of the audit suppression.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_audit_tasks')
Creates an iterator that will paginate through responses from IoT.Client.list_audit_tasks().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1),
taskType='ON_DEMAND_AUDIT_TASK'|'SCHEDULED_AUDIT_TASK',
taskStatus='IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The beginning of the time period. Audit information is retained for a limited time (90 days). Requesting a start time prior to what is retained results in an "InvalidRequestException".
[REQUIRED]
The end of the time period.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'tasks': [
{
'taskId': 'string',
'taskStatus': 'IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED',
'taskType': 'ON_DEMAND_AUDIT_TASK'|'SCHEDULED_AUDIT_TASK'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
tasks (list) --
The audits that were performed during the specified time period.
(dict) --
The audits that were performed.
taskId (string) --
The ID of this audit.
taskStatus (string) --
The status of this audit. One of "IN_PROGRESS", "COMPLETED", "FAILED", or "CANCELED".
taskType (string) --
The type of this audit. One of "ON_DEMAND_AUDIT_TASK" or "SCHEDULED_AUDIT_TASK".
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_authorizers')
Creates an iterator that will paginate through responses from IoT.Client.list_authorizers().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
ascendingOrder=True|False,
status='ACTIVE'|'INACTIVE',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'authorizers': [
{
'authorizerName': 'string',
'authorizerArn': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
authorizers (list) --
The authorizers.
(dict) --
The authorizer summary.
authorizerName (string) --
The authorizer name.
authorizerArn (string) --
The authorizer ARN.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_billing_groups')
Creates an iterator that will paginate through responses from IoT.Client.list_billing_groups().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
namePrefixFilter='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'billingGroups': [
{
'groupName': 'string',
'groupArn': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
billingGroups (list) --
The list of billing groups.
(dict) --
The name and ARN of a group.
groupName (string) --
The group name.
groupArn (string) --
The group ARN.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_ca_certificates')
Creates an iterator that will paginate through responses from IoT.Client.list_ca_certificates().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
ascendingOrder=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'certificates': [
{
'certificateArn': 'string',
'certificateId': 'string',
'status': 'ACTIVE'|'INACTIVE',
'creationDate': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
The output from the ListCACertificates operation.
certificates (list) --
The CA certificates registered in your AWS account.
(dict) --
A CA certificate.
certificateArn (string) --
The ARN of the CA certificate.
certificateId (string) --
The ID of the CA certificate.
status (string) --
The status of the CA certificate.
The status value REGISTER_INACTIVE is deprecated and should not be used.
creationDate (datetime) --
The date the CA certificate was created.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_certificates')
Creates an iterator that will paginate through responses from IoT.Client.list_certificates().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
ascendingOrder=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'certificates': [
{
'certificateArn': 'string',
'certificateId': 'string',
'status': 'ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION',
'certificateMode': 'DEFAULT'|'SNI_ONLY',
'creationDate': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
The output of the ListCertificates operation.
certificates (list) --
The descriptions of the certificates.
(dict) --
Information about a certificate.
certificateArn (string) --
The ARN of the certificate.
certificateId (string) --
The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)
status (string) --
The status of the certificate.
The status value REGISTER_INACTIVE is deprecated and should not be used.
certificateMode (string) --
The mode of the certificate.
creationDate (datetime) --
The date and time the certificate was created.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_certificates_by_ca')
Creates an iterator that will paginate through responses from IoT.Client.list_certificates_by_ca().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
caCertificateId='string',
ascendingOrder=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The ID of the CA certificate. This operation will list all registered device certificate that were signed by this CA certificate.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'certificates': [
{
'certificateArn': 'string',
'certificateId': 'string',
'status': 'ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION',
'certificateMode': 'DEFAULT'|'SNI_ONLY',
'creationDate': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
The output of the ListCertificatesByCA operation.
certificates (list) --
The device certificates signed by the specified CA certificate.
(dict) --
Information about a certificate.
certificateArn (string) --
The ARN of the certificate.
certificateId (string) --
The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)
status (string) --
The status of the certificate.
The status value REGISTER_INACTIVE is deprecated and should not be used.
certificateMode (string) --
The mode of the certificate.
creationDate (datetime) --
The date and time the certificate was created.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_custom_metrics')
Creates an iterator that will paginate through responses from IoT.Client.list_custom_metrics().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
{
'metricNames': [
'string',
],
'NextToken': 'string'
}
Response Structure
The name of the custom metric.
A token to resume pagination.
paginator = client.get_paginator('list_detect_mitigation_actions_executions')
Creates an iterator that will paginate through responses from IoT.Client.list_detect_mitigation_actions_executions().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
taskId='string',
violationId='string',
thingName='string',
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1),
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'actionsExecutions': [
{
'taskId': 'string',
'violationId': 'string',
'actionName': 'string',
'thingName': 'string',
'executionStartDate': datetime(2015, 1, 1),
'executionEndDate': datetime(2015, 1, 1),
'status': 'IN_PROGRESS'|'SUCCESSFUL'|'FAILED'|'SKIPPED',
'errorCode': 'string',
'message': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
actionsExecutions (list) --
List of actions executions.
(dict) --
Describes which mitigation actions should be executed.
taskId (string) --
The unique identifier of the task.
violationId (string) --
The unique identifier of the violation.
actionName (string) --
The friendly name that uniquely identifies the mitigation action.
thingName (string) --
The name of the thing.
executionStartDate (datetime) --
The date a mitigation action was started.
executionEndDate (datetime) --
The date a mitigation action ended.
status (string) --
The status of a mitigation action.
errorCode (string) --
The error code of a mitigation action.
message (string) --
The message of a mitigation action.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_detect_mitigation_actions_tasks')
Creates an iterator that will paginate through responses from IoT.Client.list_detect_mitigation_actions_tasks().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1),
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
A filter to limit results to those found after the specified time. You must specify either the startTime and endTime or the taskId, but not both.
[REQUIRED]
The end of the time period for which ML Detect mitigation actions tasks are returned.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'tasks': [
{
'taskId': 'string',
'taskStatus': 'IN_PROGRESS'|'SUCCESSFUL'|'FAILED'|'CANCELED',
'taskStartTime': datetime(2015, 1, 1),
'taskEndTime': datetime(2015, 1, 1),
'target': {
'violationIds': [
'string',
],
'securityProfileName': 'string',
'behaviorName': 'string'
},
'violationEventOccurrenceRange': {
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1)
},
'onlyActiveViolationsIncluded': True|False,
'suppressedAlertsIncluded': True|False,
'actionsDefinition': [
{
'name': 'string',
'id': 'string',
'roleArn': 'string',
'actionParams': {
'updateDeviceCertificateParams': {
'action': 'DEACTIVATE'
},
'updateCACertificateParams': {
'action': 'DEACTIVATE'
},
'addThingsToThingGroupParams': {
'thingGroupNames': [
'string',
],
'overrideDynamicGroups': True|False
},
'replaceDefaultPolicyVersionParams': {
'templateName': 'BLANK_POLICY'
},
'enableIoTLoggingParams': {
'roleArnForLogging': 'string',
'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
},
'publishFindingToSnsParams': {
'topicArn': 'string'
}
}
},
],
'taskStatistics': {
'actionsExecuted': 123,
'actionsSkipped': 123,
'actionsFailed': 123
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
tasks (list) --
The collection of ML Detect mitigation tasks that matched the filter criteria.
(dict) --
The summary of the mitigation action tasks.
taskId (string) --
The unique identifier of the task.
taskStatus (string) --
The status of the task.
taskStartTime (datetime) --
The date the task started.
taskEndTime (datetime) --
The date the task ended.
target (dict) --
Specifies the ML Detect findings to which the mitigation actions are applied.
violationIds (list) --
The unique identifiers of the violations.
securityProfileName (string) --
The name of the security profile.
behaviorName (string) --
The name of the behavior.
violationEventOccurrenceRange (dict) --
Specifies the time period of which violation events occurred between.
startTime (datetime) --
The start date and time of a time period in which violation events occurred.
endTime (datetime) --
The end date and time of a time period in which violation events occurred.
onlyActiveViolationsIncluded (boolean) --
Includes only active violations.
suppressedAlertsIncluded (boolean) --
Includes suppressed alerts.
actionsDefinition (list) --
The definition of the actions.
(dict) --
Describes which changes should be applied as part of a mitigation action.
name (string) --
A user-friendly name for the mitigation action.
id (string) --
A unique identifier for the mitigation action.
roleArn (string) --
The IAM role ARN used to apply this mitigation action.
actionParams (dict) --
The set of parameters for this mitigation action. The parameters vary, depending on the kind of action you apply.
updateDeviceCertificateParams (dict) --
Parameters to define a mitigation action that changes the state of the device certificate to inactive.
action (string) --
The action that you want to apply to the device certificate. The only supported value is DEACTIVATE .
updateCACertificateParams (dict) --
Parameters to define a mitigation action that changes the state of the CA certificate to inactive.
action (string) --
The action that you want to apply to the CA certificate. The only supported value is DEACTIVATE .
addThingsToThingGroupParams (dict) --
Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.
thingGroupNames (list) --
The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you can't add a thing to more than one group in the same hierarchy.
overrideDynamicGroups (boolean) --
Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.
replaceDefaultPolicyVersionParams (dict) --
Parameters to define a mitigation action that adds a blank policy to restrict permissions.
templateName (string) --
The name of the template to be applied. The only supported value is BLANK_POLICY .
enableIoTLoggingParams (dict) --
Parameters to define a mitigation action that enables AWS IoT logging at a specified level of detail.
roleArnForLogging (string) --
The Amazon Resource Name (ARN) of the IAM role used for logging.
logLevel (string) --
Specifies the type of information to be logged.
publishFindingToSnsParams (dict) --
Parameters to define a mitigation action that publishes findings to Amazon Simple Notification Service (Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.
topicArn (string) --
The ARN of the topic to which you want to publish the findings.
taskStatistics (dict) --
The statistics of a mitigation action task.
actionsExecuted (integer) --
The actions that were performed.
actionsSkipped (integer) --
The actions that were skipped.
actionsFailed (integer) --
The actions that failed.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_dimensions')
Creates an iterator that will paginate through responses from IoT.Client.list_dimensions().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
{
'dimensionNames': [
'string',
],
'NextToken': 'string'
}
Response Structure
A list of the names of the defined dimensions. Use DescribeDimension to get details for a dimension.
A token to resume pagination.
paginator = client.get_paginator('list_domain_configurations')
Creates an iterator that will paginate through responses from IoT.Client.list_domain_configurations().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
serviceType='DATA'|'CREDENTIAL_PROVIDER'|'JOBS',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'domainConfigurations': [
{
'domainConfigurationName': 'string',
'domainConfigurationArn': 'string',
'serviceType': 'DATA'|'CREDENTIAL_PROVIDER'|'JOBS'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
domainConfigurations (list) --
A list of objects that contain summary information about the user's domain configurations.
(dict) --
The summary of a domain configuration. A domain configuration specifies custom IoT-specific information about a domain. A domain configuration can be associated with an AWS-managed domain (for example, dbc123defghijk.iot.us-west-2.amazonaws.com), a customer managed domain, or a default endpoint.
domainConfigurationName (string) --
The name of the domain configuration. This value must be unique to a region.
domainConfigurationArn (string) --
The ARN of the domain configuration.
serviceType (string) --
The type of service delivered by the endpoint.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_indices')
Creates an iterator that will paginate through responses from IoT.Client.list_indices().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
{
'indexNames': [
'string',
],
'NextToken': 'string'
}
Response Structure
The index names.
A token to resume pagination.
paginator = client.get_paginator('list_job_executions_for_job')
Creates an iterator that will paginate through responses from IoT.Client.list_job_executions_for_job().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
jobId='string',
status='QUEUED'|'IN_PROGRESS'|'SUCCEEDED'|'FAILED'|'TIMED_OUT'|'REJECTED'|'REMOVED'|'CANCELED',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The unique identifier you assigned to this job when it was created.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'executionSummaries': [
{
'thingArn': 'string',
'jobExecutionSummary': {
'status': 'QUEUED'|'IN_PROGRESS'|'SUCCEEDED'|'FAILED'|'TIMED_OUT'|'REJECTED'|'REMOVED'|'CANCELED',
'queuedAt': datetime(2015, 1, 1),
'startedAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1),
'executionNumber': 123
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
executionSummaries (list) --
A list of job execution summaries.
(dict) --
Contains a summary of information about job executions for a specific job.
thingArn (string) --
The ARN of the thing on which the job execution is running.
jobExecutionSummary (dict) --
Contains a subset of information about a job execution.
status (string) --
The status of the job execution.
queuedAt (datetime) --
The time, in seconds since the epoch, when the job execution was queued.
startedAt (datetime) --
The time, in seconds since the epoch, when the job execution started.
lastUpdatedAt (datetime) --
The time, in seconds since the epoch, when the job execution was last updated.
executionNumber (integer) --
A string (consisting of the digits "0" through "9") which identifies this particular job execution on this particular device. It can be used later in commands which return or update job execution information.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_job_executions_for_thing')
Creates an iterator that will paginate through responses from IoT.Client.list_job_executions_for_thing().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
thingName='string',
status='QUEUED'|'IN_PROGRESS'|'SUCCEEDED'|'FAILED'|'TIMED_OUT'|'REJECTED'|'REMOVED'|'CANCELED',
namespaceId='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The thing name.
The namespace used to indicate that a job is a customer-managed job.
When you specify a value for this parameter, AWS IoT Core sends jobs notifications to MQTT topics that contain the value in the following format.
$aws/things/*THING_NAME* /jobs/*JOB_ID* /notify-namespace-*NAMESPACE_ID* /
Note
The namespaceId feature is in public preview.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'executionSummaries': [
{
'jobId': 'string',
'jobExecutionSummary': {
'status': 'QUEUED'|'IN_PROGRESS'|'SUCCEEDED'|'FAILED'|'TIMED_OUT'|'REJECTED'|'REMOVED'|'CANCELED',
'queuedAt': datetime(2015, 1, 1),
'startedAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1),
'executionNumber': 123
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
executionSummaries (list) --
A list of job execution summaries.
(dict) --
The job execution summary for a thing.
jobId (string) --
The unique identifier you assigned to this job when it was created.
jobExecutionSummary (dict) --
Contains a subset of information about a job execution.
status (string) --
The status of the job execution.
queuedAt (datetime) --
The time, in seconds since the epoch, when the job execution was queued.
startedAt (datetime) --
The time, in seconds since the epoch, when the job execution started.
lastUpdatedAt (datetime) --
The time, in seconds since the epoch, when the job execution was last updated.
executionNumber (integer) --
A string (consisting of the digits "0" through "9") which identifies this particular job execution on this particular device. It can be used later in commands which return or update job execution information.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_jobs')
Creates an iterator that will paginate through responses from IoT.Client.list_jobs().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
status='IN_PROGRESS'|'CANCELED'|'COMPLETED'|'DELETION_IN_PROGRESS',
targetSelection='CONTINUOUS'|'SNAPSHOT',
thingGroupName='string',
thingGroupId='string',
namespaceId='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
The namespace used to indicate that a job is a customer-managed job.
When you specify a value for this parameter, AWS IoT Core sends jobs notifications to MQTT topics that contain the value in the following format.
$aws/things/*THING_NAME* /jobs/*JOB_ID* /notify-namespace-*NAMESPACE_ID* /
Note
The namespaceId feature is in public preview.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'jobs': [
{
'jobArn': 'string',
'jobId': 'string',
'thingGroupId': 'string',
'targetSelection': 'CONTINUOUS'|'SNAPSHOT',
'status': 'IN_PROGRESS'|'CANCELED'|'COMPLETED'|'DELETION_IN_PROGRESS',
'createdAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1),
'completedAt': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
jobs (list) --
A list of jobs.
(dict) --
The job summary.
jobArn (string) --
The job ARN.
jobId (string) --
The unique identifier you assigned to this job when it was created.
thingGroupId (string) --
The ID of the thing group.
targetSelection (string) --
Specifies whether the job will continue to run (CONTINUOUS), or will be complete after all those things specified as targets have completed the job (SNAPSHOT). If continuous, the job may also be run on a thing when a change is detected in a target. For example, a job will run on a thing when the thing is added to a target group, even after the job was completed by all things originally in the group.
status (string) --
The job summary status.
createdAt (datetime) --
The time, in seconds since the epoch, when the job was created.
lastUpdatedAt (datetime) --
The time, in seconds since the epoch, when the job was last updated.
completedAt (datetime) --
The time, in seconds since the epoch, when the job completed.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_mitigation_actions')
Creates an iterator that will paginate through responses from IoT.Client.list_mitigation_actions().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
actionType='UPDATE_DEVICE_CERTIFICATE'|'UPDATE_CA_CERTIFICATE'|'ADD_THINGS_TO_THING_GROUP'|'REPLACE_DEFAULT_POLICY_VERSION'|'ENABLE_IOT_LOGGING'|'PUBLISH_FINDING_TO_SNS',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'actionIdentifiers': [
{
'actionName': 'string',
'actionArn': 'string',
'creationDate': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
actionIdentifiers (list) --
A set of actions that matched the specified filter criteria.
(dict) --
Information that identifies a mitigation action. This information is returned by ListMitigationActions.
actionName (string) --
The friendly name of the mitigation action.
actionArn (string) --
The IAM role ARN used to apply this mitigation action.
creationDate (datetime) --
The date when this mitigation action was created.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_ota_updates')
Creates an iterator that will paginate through responses from IoT.Client.list_ota_updates().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
otaUpdateStatus='CREATE_PENDING'|'CREATE_IN_PROGRESS'|'CREATE_COMPLETE'|'CREATE_FAILED',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'otaUpdates': [
{
'otaUpdateId': 'string',
'otaUpdateArn': 'string',
'creationDate': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
otaUpdates (list) --
A list of OTA update jobs.
(dict) --
An OTA update summary.
otaUpdateId (string) --
The OTA update ID.
otaUpdateArn (string) --
The OTA update ARN.
creationDate (datetime) --
The date when the OTA update was created.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_outgoing_certificates')
Creates an iterator that will paginate through responses from IoT.Client.list_outgoing_certificates().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
ascendingOrder=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'outgoingCertificates': [
{
'certificateArn': 'string',
'certificateId': 'string',
'transferredTo': 'string',
'transferDate': datetime(2015, 1, 1),
'transferMessage': 'string',
'creationDate': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
The output from the ListOutgoingCertificates operation.
outgoingCertificates (list) --
The certificates that are being transferred but not yet accepted.
(dict) --
A certificate that has been transferred but not yet accepted.
certificateArn (string) --
The certificate ARN.
certificateId (string) --
The certificate ID.
transferredTo (string) --
The AWS account to which the transfer was made.
transferDate (datetime) --
The date the transfer was initiated.
transferMessage (string) --
The transfer message.
creationDate (datetime) --
The certificate creation date.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_policies')
Creates an iterator that will paginate through responses from IoT.Client.list_policies().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
ascendingOrder=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'policies': [
{
'policyName': 'string',
'policyArn': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
The output from the ListPolicies operation.
policies (list) --
The descriptions of the policies.
(dict) --
Describes an AWS IoT policy.
policyName (string) --
The policy name.
policyArn (string) --
The policy ARN.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_policy_principals')
Creates an iterator that will paginate through responses from IoT.Client.list_policy_principals().
Danger
This operation is deprecated and may not function as expected. This operation should not be used going forward and is only kept for the purpose of backwards compatiblity.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
policyName='string',
ascendingOrder=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The policy name.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'principals': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
The output from the ListPolicyPrincipals operation.
principals (list) --
The descriptions of the principals.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_principal_policies')
Creates an iterator that will paginate through responses from IoT.Client.list_principal_policies().
Danger
This operation is deprecated and may not function as expected. This operation should not be used going forward and is only kept for the purpose of backwards compatiblity.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
principal='string',
ascendingOrder=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The principal. Valid principals are CertificateArn (arn:aws:iot:region :accountId :cert/certificateId ), thingGroupArn (arn:aws:iot:region :accountId :thinggroup/groupName ) and CognitoId (region :id ).
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'policies': [
{
'policyName': 'string',
'policyArn': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
The output from the ListPrincipalPolicies operation.
policies (list) --
The policies.
(dict) --
Describes an AWS IoT policy.
policyName (string) --
The policy name.
policyArn (string) --
The policy ARN.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_principal_things')
Creates an iterator that will paginate through responses from IoT.Client.list_principal_things().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
principal='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The principal.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'things': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
The output from the ListPrincipalThings operation.
things (list) --
The things.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_provisioning_template_versions')
Creates an iterator that will paginate through responses from IoT.Client.list_provisioning_template_versions().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
templateName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The name of the fleet provisioning template.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'versions': [
{
'versionId': 123,
'creationDate': datetime(2015, 1, 1),
'isDefaultVersion': True|False
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
versions (list) --
The list of fleet provisioning template versions.
(dict) --
A summary of information about a fleet provision template version.
versionId (integer) --
The ID of the fleet privisioning template version.
creationDate (datetime) --
The date when the fleet provisioning template version was created
isDefaultVersion (boolean) --
True if the fleet provisioning template version is the default version, otherwise false.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_provisioning_templates')
Creates an iterator that will paginate through responses from IoT.Client.list_provisioning_templates().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
{
'templates': [
{
'templateArn': 'string',
'templateName': 'string',
'description': 'string',
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1),
'enabled': True|False
},
],
'NextToken': 'string'
}
Response Structure
A list of fleet provisioning templates
A summary of information about a fleet provisioning template.
The ARN of the fleet provisioning template.
The name of the fleet provisioning template.
The description of the fleet provisioning template.
The date when the fleet provisioning template summary was created.
The date when the fleet provisioning template summary was last modified.
True if the fleet provision template is enabled, otherwise false.
A token to resume pagination.
paginator = client.get_paginator('list_role_aliases')
Creates an iterator that will paginate through responses from IoT.Client.list_role_aliases().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
ascendingOrder=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'roleAliases': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
roleAliases (list) --
The role aliases.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_scheduled_audits')
Creates an iterator that will paginate through responses from IoT.Client.list_scheduled_audits().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
{
'scheduledAudits': [
{
'scheduledAuditName': 'string',
'scheduledAuditArn': 'string',
'frequency': 'DAILY'|'WEEKLY'|'BIWEEKLY'|'MONTHLY',
'dayOfMonth': 'string',
'dayOfWeek': 'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT'
},
],
'NextToken': 'string'
}
Response Structure
The list of scheduled audits.
Information about the scheduled audit.
The name of the scheduled audit.
The ARN of the scheduled audit.
How often the scheduled audit occurs.
The day of the month on which the scheduled audit is run (if the frequency is "MONTHLY"). If days 29-31 are specified, and the month does not have that many days, the audit takes place on the "LAST" day of the month.
The day of the week on which the scheduled audit is run (if the frequency is "WEEKLY" or "BIWEEKLY").
A token to resume pagination.
paginator = client.get_paginator('list_security_profiles')
Creates an iterator that will paginate through responses from IoT.Client.list_security_profiles().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
dimensionName='string',
metricName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'securityProfileIdentifiers': [
{
'name': 'string',
'arn': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
securityProfileIdentifiers (list) --
A list of security profile identifiers (names and ARNs).
(dict) --
Identifying information for a Device Defender security profile.
name (string) --
The name you've given to the security profile.
arn (string) --
The ARN of the security profile.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_security_profiles_for_target')
Creates an iterator that will paginate through responses from IoT.Client.list_security_profiles_for_target().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
recursive=True|False,
securityProfileTargetArn='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The ARN of the target (thing group) whose attached security profiles you want to get.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'securityProfileTargetMappings': [
{
'securityProfileIdentifier': {
'name': 'string',
'arn': 'string'
},
'target': {
'arn': 'string'
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
securityProfileTargetMappings (list) --
A list of security profiles and their associated targets.
(dict) --
Information about a security profile and the target associated with it.
securityProfileIdentifier (dict) --
Information that identifies the security profile.
name (string) --
The name you've given to the security profile.
arn (string) --
The ARN of the security profile.
target (dict) --
Information about the target (thing group) associated with the security profile.
arn (string) --
The ARN of the security profile.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_streams')
Creates an iterator that will paginate through responses from IoT.Client.list_streams().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
ascendingOrder=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'streams': [
{
'streamId': 'string',
'streamArn': 'string',
'streamVersion': 123,
'description': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
streams (list) --
A list of streams.
(dict) --
A summary of a stream.
streamId (string) --
The stream ID.
streamArn (string) --
The stream ARN.
streamVersion (integer) --
The stream version.
description (string) --
A description of the stream.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_tags_for_resource')
Creates an iterator that will paginate through responses from IoT.Client.list_tags_for_resource().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
resourceArn='string',
PaginationConfig={
'MaxItems': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The ARN of the resource.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
tags (list) --
The list of tags assigned to the resource.
(dict) --
A set of key/value pairs that are used to manage the resource.
Key (string) --
The tag's key.
Value (string) --
The tag's value.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_targets_for_policy')
Creates an iterator that will paginate through responses from IoT.Client.list_targets_for_policy().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
policyName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The policy name.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'targets': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
targets (list) --
The policy targets.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_targets_for_security_profile')
Creates an iterator that will paginate through responses from IoT.Client.list_targets_for_security_profile().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
securityProfileName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The security profile.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'securityProfileTargets': [
{
'arn': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
securityProfileTargets (list) --
The thing groups to which the security profile is attached.
(dict) --
A target to which an alert is sent when a security profile behavior is violated.
arn (string) --
The ARN of the security profile.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_thing_groups')
Creates an iterator that will paginate through responses from IoT.Client.list_thing_groups().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
parentGroup='string',
namePrefixFilter='string',
recursive=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'thingGroups': [
{
'groupName': 'string',
'groupArn': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
thingGroups (list) --
The thing groups.
(dict) --
The name and ARN of a group.
groupName (string) --
The group name.
groupArn (string) --
The group ARN.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_thing_groups_for_thing')
Creates an iterator that will paginate through responses from IoT.Client.list_thing_groups_for_thing().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
thingName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The thing name.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'thingGroups': [
{
'groupName': 'string',
'groupArn': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
thingGroups (list) --
The thing groups.
(dict) --
The name and ARN of a group.
groupName (string) --
The group name.
groupArn (string) --
The group ARN.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_thing_principals')
Creates an iterator that will paginate through responses from IoT.Client.list_thing_principals().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
thingName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The name of the thing.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'principals': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
The output from the ListThingPrincipals operation.
principals (list) --
The principals associated with the thing.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_thing_registration_task_reports')
Creates an iterator that will paginate through responses from IoT.Client.list_thing_registration_task_reports().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
taskId='string',
reportType='ERRORS'|'RESULTS',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The id of the task.
[REQUIRED]
The type of task report.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'resourceLinks': [
'string',
],
'reportType': 'ERRORS'|'RESULTS',
'NextToken': 'string'
}
Response Structure
(dict) --
resourceLinks (list) --
Links to the task resources.
reportType (string) --
The type of task report.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_thing_registration_tasks')
Creates an iterator that will paginate through responses from IoT.Client.list_thing_registration_tasks().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
status='InProgress'|'Completed'|'Failed'|'Cancelled'|'Cancelling',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'taskIds': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
taskIds (list) --
A list of bulk thing provisioning task IDs.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_thing_types')
Creates an iterator that will paginate through responses from IoT.Client.list_thing_types().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
thingTypeName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'thingTypes': [
{
'thingTypeName': 'string',
'thingTypeArn': 'string',
'thingTypeProperties': {
'thingTypeDescription': 'string',
'searchableAttributes': [
'string',
]
},
'thingTypeMetadata': {
'deprecated': True|False,
'deprecationDate': datetime(2015, 1, 1),
'creationDate': datetime(2015, 1, 1)
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
The output for the ListThingTypes operation.
thingTypes (list) --
The thing types.
(dict) --
The definition of the thing type, including thing type name and description.
thingTypeName (string) --
The name of the thing type.
thingTypeArn (string) --
The thing type ARN.
thingTypeProperties (dict) --
The ThingTypeProperties for the thing type.
thingTypeDescription (string) --
The description of the thing type.
searchableAttributes (list) --
A list of searchable thing attribute names.
thingTypeMetadata (dict) --
The ThingTypeMetadata contains additional information about the thing type including: creation date and time, a value indicating whether the thing type is deprecated, and a date and time when it was deprecated.
deprecated (boolean) --
Whether the thing type is deprecated. If true , no new things could be associated with this type.
deprecationDate (datetime) --
The date and time when the thing type was deprecated.
creationDate (datetime) --
The date and time when the thing type was created.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_things')
Creates an iterator that will paginate through responses from IoT.Client.list_things().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
attributeName='string',
attributeValue='string',
thingTypeName='string',
usePrefixAttributeValue=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
When true , the action returns the thing resources with attribute values that start with the attributeValue provided.
When false , or not present, the action returns only the thing resources with attribute values that match the entire attributeValue provided.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'things': [
{
'thingName': 'string',
'thingTypeName': 'string',
'thingArn': 'string',
'attributes': {
'string': 'string'
},
'version': 123
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
The output from the ListThings operation.
things (list) --
The things.
(dict) --
The properties of the thing, including thing name, thing type name, and a list of thing attributes.
thingName (string) --
The name of the thing.
thingTypeName (string) --
The name of the thing type, if the thing has been associated with a type.
thingArn (string) --
The thing ARN.
attributes (dict) --
A list of thing attributes which are name-value pairs.
version (integer) --
The version of the thing record in the registry.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_things_in_billing_group')
Creates an iterator that will paginate through responses from IoT.Client.list_things_in_billing_group().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
billingGroupName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The name of the billing group.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'things': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
things (list) --
A list of things in the billing group.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_things_in_thing_group')
Creates an iterator that will paginate through responses from IoT.Client.list_things_in_thing_group().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
thingGroupName='string',
recursive=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The thing group name.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'things': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
things (list) --
The things in the specified thing group.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_topic_rule_destinations')
Creates an iterator that will paginate through responses from IoT.Client.list_topic_rule_destinations().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
{
'destinationSummaries': [
{
'arn': 'string',
'status': 'ENABLED'|'IN_PROGRESS'|'DISABLED'|'ERROR'|'DELETING',
'createdAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1),
'statusReason': 'string',
'httpUrlSummary': {
'confirmationUrl': 'string'
},
'vpcDestinationSummary': {
'subnetIds': [
'string',
],
'securityGroups': [
'string',
],
'vpcId': 'string',
'roleArn': 'string'
}
},
],
'NextToken': 'string'
}
Response Structure
Information about a topic rule destination.
Information about the topic rule destination.
The topic rule destination ARN.
The status of the topic rule destination. Valid values are:
IN_PROGRESS
A topic rule destination was created but has not been confirmed. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
ENABLED
Confirmation was completed, and traffic to this destination is allowed. You can set status to DISABLED by calling UpdateTopicRuleDestination .
DISABLED
Confirmation was completed, and traffic to this destination is not allowed. You can set status to ENABLED by calling UpdateTopicRuleDestination .
ERROR
Confirmation could not be completed, for example if the confirmation timed out. You can call GetTopicRuleDestination for details about the error. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
The date and time when the topic rule destination was created.
The date and time when the topic rule destination was last updated.
The reason the topic rule destination is in the current status.
Information about the HTTP URL.
The URL used to confirm ownership of or access to the HTTP topic rule destination URL.
Information about the virtual private cloud (VPC) connection.
The subnet IDs of the VPC destination.
The security groups of the VPC destination.
The ID of the VPC.
The ARN of a role that has permission to create and attach to elastic network interfaces (ENIs).
A token to resume pagination.
paginator = client.get_paginator('list_topic_rules')
Creates an iterator that will paginate through responses from IoT.Client.list_topic_rules().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
topic='string',
ruleDisabled=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'rules': [
{
'ruleArn': 'string',
'ruleName': 'string',
'topicPattern': 'string',
'createdAt': datetime(2015, 1, 1),
'ruleDisabled': True|False
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
The output from the ListTopicRules operation.
rules (list) --
The rules.
(dict) --
Describes a rule.
ruleArn (string) --
The rule ARN.
ruleName (string) --
The name of the rule.
topicPattern (string) --
The pattern for the topic names that apply.
createdAt (datetime) --
The date and time the rule was created.
ruleDisabled (boolean) --
Specifies whether the rule is disabled.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_v2_logging_levels')
Creates an iterator that will paginate through responses from IoT.Client.list_v2_logging_levels().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
targetType='DEFAULT'|'THING_GROUP',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'logTargetConfigurations': [
{
'logTarget': {
'targetType': 'DEFAULT'|'THING_GROUP',
'targetName': 'string'
},
'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
logTargetConfigurations (list) --
The logging configuration for a target.
(dict) --
The target configuration.
logTarget (dict) --
A log target
targetType (string) --
The target type.
targetName (string) --
The target name.
logLevel (string) --
The logging level.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_violation_events')
Creates an iterator that will paginate through responses from IoT.Client.list_violation_events().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1),
thingName='string',
securityProfileName='string',
behaviorCriteriaType='STATIC'|'STATISTICAL'|'MACHINE_LEARNING',
listSuppressedAlerts=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The start time for the alerts to be listed.
[REQUIRED]
The end time for the alerts to be listed.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'violationEvents': [
{
'violationId': 'string',
'thingName': 'string',
'securityProfileName': 'string',
'behavior': {
'name': 'string',
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
},
'criteria': {
'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set'|'in-set'|'not-in-set',
'value': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'durationSeconds': 123,
'consecutiveDatapointsToAlarm': 123,
'consecutiveDatapointsToClear': 123,
'statisticalThreshold': {
'statistic': 'string'
},
'mlDetectionConfig': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
}
},
'suppressAlerts': True|False
},
'metricValue': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'violationEventAdditionalInfo': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
},
'violationEventType': 'in-alarm'|'alarm-cleared'|'alarm-invalidated',
'violationEventTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
violationEvents (list) --
The security profile violation alerts issued for this account during the given time period, potentially filtered by security profile, behavior violated, or thing (device) violating.
(dict) --
Information about a Device Defender security profile behavior violation.
violationId (string) --
The ID of the violation event.
thingName (string) --
The name of the thing responsible for the violation event.
securityProfileName (string) --
The name of the security profile whose behavior was violated.
behavior (dict) --
The behavior that was violated.
name (string) --
The name you've given to the behavior.
metric (string) --
What is measured by the behavior.
metricDimension (dict) --
The dimension for a metric in your behavior. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. This can't be used with custom metrics.
dimensionName (string) --
A unique identifier for the dimension.
operator (string) --
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
criteria (dict) --
The criteria that determine if a device is behaving normally in regard to the metric .
comparisonOperator (string) --
The operator that relates the thing measured (metric ) to the criteria (containing a value or statisticalThreshold ). Valid operators include:
value (dict) --
The value to be compared with the metric .
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
strings (list) --
The string values of a metric.
durationSeconds (integer) --
Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, NUM_MESSAGES_SENT ). For a statisticalThreshhold metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes.
consecutiveDatapointsToAlarm (integer) --
If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.
consecutiveDatapointsToClear (integer) --
If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.
statisticalThreshold (dict) --
A statistical ranking (percentile)that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior.
statistic (string) --
The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period (durationSeconds ) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below (comparisonOperator ) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs.
mlDetectionConfig (dict) --
The configuration of an ML Detect
confidenceLevel (string) --
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
suppressAlerts (boolean) --
Suppresses alerts.
metricValue (dict) --
The value of the metric (the measurement).
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
strings (list) --
The string values of a metric.
violationEventAdditionalInfo (dict) --
The details of a violation event.
confidenceLevel (string) --
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
violationEventType (string) --
The type of violation event.
violationEventTime (datetime) --
The time the violation event occurred.
NextToken (string) --
A token to resume pagination.