create_mitigation_action
(**kwargs)¶Defines an action that can be applied to audit findings by using StartAuditMitigationActionsTask. Only certain types of mitigation actions can be applied to specific check names. For more information, see Mitigation actions. Each mitigation action can apply only one type of change.
Requires permission to access the CreateMitigationAction action.
See also: AWS API Documentation
Request Syntax
response = client.create_mitigation_action(
actionName='string',
roleArn='string',
actionParams={
'updateDeviceCertificateParams': {
'action': 'DEACTIVATE'
},
'updateCACertificateParams': {
'action': 'DEACTIVATE'
},
'addThingsToThingGroupParams': {
'thingGroupNames': [
'string',
],
'overrideDynamicGroups': True|False
},
'replaceDefaultPolicyVersionParams': {
'templateName': 'BLANK_POLICY'
},
'enableIoTLoggingParams': {
'roleArnForLogging': 'string',
'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
},
'publishFindingToSnsParams': {
'topicArn': 'string'
}
},
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
A friendly name for the action. Choose a friendly name that accurately describes the action (for example, EnableLoggingAction
).
[REQUIRED]
The ARN of the IAM role that is used to apply the mitigation action.
[REQUIRED]
Defines the type of action and the parameters for that action.
Parameters to define a mitigation action that changes the state of the device certificate to inactive.
The action that you want to apply to the device certificate. The only supported value is DEACTIVATE
.
Parameters to define a mitigation action that changes the state of the CA certificate to inactive.
The action that you want to apply to the CA certificate. The only supported value is DEACTIVATE
.
Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.
The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you can't add a thing to more than one group in the same hierarchy.
Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.
Parameters to define a mitigation action that adds a blank policy to restrict permissions.
The name of the template to be applied. The only supported value is BLANK_POLICY
.
Parameters to define a mitigation action that enables Amazon Web Services IoT Core logging at a specified level of detail.
The Amazon Resource Name (ARN) of the IAM role used for logging.
Specifies the type of information to be logged.
Parameters to define a mitigation action that publishes findings to Amazon Simple Notification Service (Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.
The ARN of the topic to which you want to publish the findings.
Metadata that can be used to manage the mitigation action.
A set of key/value pairs that are used to manage the resource.
The tag's key.
The tag's value.
dict
Response Syntax
{
'actionArn': 'string',
'actionId': 'string'
}
Response Structure
(dict) --
actionArn (string) --
The ARN for the new mitigation action.
actionId (string) --
A unique identifier for the new mitigation action.
Exceptions
IoT.Client.exceptions.InvalidRequestException
IoT.Client.exceptions.ResourceAlreadyExistsException
IoT.Client.exceptions.LimitExceededException
IoT.Client.exceptions.ThrottlingException
IoT.Client.exceptions.InternalFailureException