CloudWatchApplicationSignals / Client / list_audit_findings
list_audit_findings¶
- CloudWatchApplicationSignals.Client.list_audit_findings(**kwargs)¶
Returns a list of audit findings that provide automated analysis of service behavior and root cause analysis. These findings help identify the most significant observations about your services, including performance issues, anomalies, and potential problems. The findings are generated using heuristic algorithms based on established troubleshooting patterns.
See also: AWS API Documentation
Request Syntax
response = client.list_audit_findings( StartTime=datetime(2015, 1, 1), EndTime=datetime(2015, 1, 1), Auditors=[ 'string', ], AuditTargets=[ { 'Type': 'string', 'Data': { 'Service': { 'Type': 'string', 'Name': 'string', 'Environment': 'string', 'AwsAccountId': 'string' }, 'Slo': { 'SloName': 'string', 'SloArn': 'string' }, 'ServiceOperation': { 'Service': { 'Type': 'string', 'Name': 'string', 'Environment': 'string', 'AwsAccountId': 'string' }, 'Operation': 'string', 'MetricType': 'string' } } }, ], NextToken='string', MaxResults=123 )
- Parameters:
StartTime (datetime) –
[REQUIRED]
The start of the time period to retrieve audit findings for. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example,
1698778057
EndTime (datetime) –
[REQUIRED]
The end of the time period to retrieve audit findings for. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example,
1698778057
Auditors (list) –
A list of auditor names to filter the findings by. Only findings generated by the specified auditors will be returned.
The following auditors are available for configuration:
slo
- SloAuditor: Identifies SLO violations and detects breached thresholds during the Assessment phase.operation_metric
- OperationMetricAuditor: Detects anomalies in service operation metrics from Application Signals RED metrics during the Assessment phaseservice_quota
- ServiceQuotaAuditor: Monitors resource utilization against service quotas during the Assessment phasetrace
- TraceAuditor: Performs deep-dive analysis of distributed traces, correlating traces with breached SLOs or abnormal RED metrics during the Analysis phasedependency_metric
- CriticalPathAuditor: Analyzes service dependency impacts and maps dependency relationships from Application Signals RED metrics during the Analysis phasetop_contributor
- TopContributorAuditor: Identifies infrastructure-level contributors to issues by analyzing EMF logs of Application Signals RED metrics during the Analysis phaselog
- LogAuditor: Extracts insights from application logs, categorizing error types and ranking severity by frequency during the Analysis phase
Note
InitAuditor
andSummarizer
auditors are not configurable as they are automatically triggered during the audit process.(string) –
AuditTargets (list) –
[REQUIRED]
A list of audit targets to filter the findings by. You can specify services, SLOs, or service operations to limit the audit findings to specific entities.
(dict) –
A structure that specifies the target entity for audit analysis, such as a
service
,SLO
, orservice_operation
.Type (string) – [REQUIRED]
The type of entity being audited, such as
Service
,SLO
, orServiceOperation
.Data (dict) – [REQUIRED]
The specific data identifying the audit target entity.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
Service
,Slo
,ServiceOperation
.Service (dict) –
Service entity information when the audit target is a service.
Type (string) –
The type of the service entity.
Name (string) –
The name of the service.
Environment (string) –
The environment where the service is deployed.
AwsAccountId (string) –
The Amazon Web Services account ID where the service is located. Provide this value only for cross-account access.
Slo (dict) –
SLO entity information when the audit target is a service level objective.
SloName (string) –
The name of the service level objective.
SloArn (string) –
The ARN of the service level objective. The SLO must be provided with ARN for cross-account access.
ServiceOperation (dict) –
Service operation entity information when the audit target is a specific service operation.
Service (dict) –
The service entity that contains this operation.
Type (string) –
The type of the service entity.
Name (string) –
The name of the service.
Environment (string) –
The environment where the service is deployed.
AwsAccountId (string) –
The Amazon Web Services account ID where the service is located. Provide this value only for cross-account access.
Operation (string) –
The name of the operation.
MetricType (string) –
The type of metric associated with this service operation.
NextToken (string) – Include this value, if it was returned by the previous operation, to get the next set of audit findings.
MaxResults (integer) – The maximum number of audit findings to return in one operation. If you omit this parameter, the default of 10 is used.
- Return type:
dict
- Returns:
Response Syntax
{ 'AuditFindings': [ { 'KeyAttributes': { 'string': 'string' }, 'AuditorResults': [ { 'Auditor': 'string', 'Description': 'string', 'Severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'NONE' }, ], 'Operation': 'string', 'MetricGraph': { 'MetricDataQueries': [ { 'Id': 'string', 'MetricStat': { 'Metric': { 'Namespace': 'string', 'MetricName': 'string', 'Dimensions': [ { 'Name': 'string', 'Value': 'string' }, ] }, 'Period': 123, 'Stat': 'string', 'Unit': 'Microseconds'|'Milliseconds'|'Seconds'|'Bytes'|'Kilobytes'|'Megabytes'|'Gigabytes'|'Terabytes'|'Bits'|'Kilobits'|'Megabits'|'Gigabits'|'Terabits'|'Percent'|'Count'|'Bytes/Second'|'Kilobytes/Second'|'Megabytes/Second'|'Gigabytes/Second'|'Terabytes/Second'|'Bits/Second'|'Kilobits/Second'|'Megabits/Second'|'Gigabits/Second'|'Terabits/Second'|'Count/Second'|'None' }, 'Expression': 'string', 'Label': 'string', 'ReturnData': True|False, 'Period': 123, 'AccountId': 'string' }, ], 'StartTime': datetime(2015, 1, 1), 'EndTime': datetime(2015, 1, 1) }, 'DependencyGraph': { 'Nodes': [ { 'KeyAttributes': { 'string': 'string' }, 'Name': 'string', 'NodeId': 'string', 'Operation': 'string', 'Type': 'string', 'Duration': 123.0, 'Status': 'string' }, ], 'Edges': [ { 'SourceNodeId': 'string', 'DestinationNodeId': 'string', 'Duration': 123.0, 'ConnectionType': 'INDIRECT'|'DIRECT' }, ] }, 'Type': 'string' }, ], 'NextToken': 'string' }
Response Structure
(dict) –
AuditFindings (list) –
An array of structures, where each structure contains information about one audit finding, including the auditor results, severity, and associated metric and dependency graphs.
(dict) –
A structure that contains information about an audit finding, which represents an automated analysis result about service behavior, performance issues, or potential problems identified through heuristic algorithms.
KeyAttributes (dict) –
The key attributes that identify the service or entity this audit finding relates to. This is a string-to-string map that includes fields like Type, Name, and Environment.
(string) –
(string) –
AuditorResults (list) –
An array of auditor results that contain the specific findings, descriptions, and severity levels identified by different auditing algorithms.
(dict) –
A structure that contains the result of an automated audit analysis, including the auditor name, description of findings, and severity level.
Auditor (string) –
The name of the auditor algorithm that generated this result.
Description (string) –
A detailed description of the audit finding, explaining what was observed and potential implications.
Severity (string) –
The severity level of this audit finding, indicating the importance and potential impact of the issue.
Operation (string) –
The name of the operation associated with this audit finding, if the finding is specific to a particular service operation.
MetricGraph (dict) –
A structure containing metric data queries and time range information that provides context for the audit finding through relevant performance metrics.
MetricDataQueries (list) –
An array of metric data queries that define the metrics to be retrieved and analyzed as part of the audit finding context.
(dict) –
Use this structure to define a metric or metric math expression that you want to use as for a service level objective.
Each
MetricDataQuery
in theMetricDataQueries
array specifies either a metric to retrieve, or a metric math expression to be performed on retrieved metrics. A singleMetricDataQueries
array can include as many as 20MetricDataQuery
structures in the array. The 20 structures can include as many as 10 structures that contain aMetricStat
parameter to retrieve a metric, and as many as 10 structures that contain theExpression
parameter to perform a math expression. Of thoseExpression
structures, exactly one must have true as the value forReturnData
. The result of this expression used for the SLO.For more information about metric math expressions, see CloudWatchUse metric math.
Within each
MetricDataQuery
object, you must specify eitherExpression
orMetricStat
but not both.Id (string) –
A short name used to tie this object to the results in the response. This
Id
must be unique within aMetricDataQueries
array. If you are performing math expressions on this set of data, this name represents that data and can serve as a variable in the metric math expression. The valid characters are letters, numbers, and underscore. The first character must be a lowercase letter.MetricStat (dict) –
A metric to be used directly for the SLO, or to be used in the math expression that will be used for the SLO.
Within one
MetricDataQuery
object, you must specify eitherExpression
orMetricStat
but not both.Metric (dict) –
The metric to use as the service level indicator, including the metric name, namespace, and dimensions.
Namespace (string) –
The namespace of the metric. For more information, see Namespaces.
MetricName (string) –
The name of the metric to use.
Dimensions (list) –
An array of one or more dimensions to use to define the metric that you want to use. For more information, see Dimensions.
(dict) –
A dimension is a name/value pair that is part of the identity of a metric. Because dimensions are part of the unique identifier for a metric, whenever you add a unique name/value pair to one of your metrics, you are creating a new variation of that metric. For example, many Amazon EC2 metrics publish
InstanceId
as a dimension name, and the actual instance ID as the value for that dimension.You can assign up to 30 dimensions to a metric.
Name (string) –
The name of the dimension. Dimension names must contain only ASCII characters, must include at least one non-whitespace character, and cannot start with a colon (
:
). ASCII control characters are not supported as part of dimension names.Value (string) –
The value of the dimension. Dimension values must contain only ASCII characters and must include at least one non-whitespace character. ASCII control characters are not supported as part of dimension values.
Period (integer) –
The granularity, in seconds, to be used for the metric. For metrics with regular resolution, a period can be as short as one minute (60 seconds) and must be a multiple of 60. For high-resolution metrics that are collected at intervals of less than one minute, the period can be 1, 5, 10, 30, 60, or any multiple of 60. High-resolution metrics are those metrics stored by a
PutMetricData
call that includes aStorageResolution
of 1 second.Stat (string) –
The statistic to use for comparison to the threshold. It can be any CloudWatch statistic or extended statistic. For more information about statistics, see CloudWatch statistics definitions.
Unit (string) –
If you omit
Unit
then all data that was collected with any unit is returned, along with the corresponding units that were specified when the data was reported to CloudWatch. If you specify a unit, the operation returns only data that was collected with that unit specified. If you specify a unit that does not match the data collected, the results of the operation are null. CloudWatch does not perform unit conversions.
Expression (string) –
This field can contain a metric math expression to be performed on the other metrics that you are retrieving within this
MetricDataQueries
structure.A math expression can use the
Id
of the other metrics or queries to refer to those metrics, and can also use theId
of other expressions to use the result of those expressions. For more information about metric math expressions, see Metric Math Syntax and Functions in the Amazon CloudWatch User Guide.Within each
MetricDataQuery
object, you must specify eitherExpression
orMetricStat
but not both.Label (string) –
A human-readable label for this metric or expression. This is especially useful if this is an expression, so that you know what the value represents. If the metric or expression is shown in a CloudWatch dashboard widget, the label is shown. If
Label
is omitted, CloudWatch generates a default.You can put dynamic expressions into a label, so that it is more descriptive. For more information, see Using Dynamic Labels.
ReturnData (boolean) –
Use this only if you are using a metric math expression for the SLO. Specify
true
forReturnData
for only the one expression result to use as the alarm. For all other metrics and expressions in the sameCreateServiceLevelObjective
operation, specifyReturnData
asfalse
.Period (integer) –
The granularity, in seconds, of the returned data points for this metric. For metrics with regular resolution, a period can be as short as one minute (60 seconds) and must be a multiple of 60. For high-resolution metrics that are collected at intervals of less than one minute, the period can be 1, 5, 10, 30, 60, or any multiple of 60. High-resolution metrics are those metrics stored by a
PutMetricData
call that includes aStorageResolution
of 1 second.If the
StartTime
parameter specifies a time stamp that is greater than 3 hours ago, you must specify the period as follows or no data points in that time range is returned:Start time between 3 hours and 15 days ago - Use a multiple of 60 seconds (1 minute).
Start time between 15 and 63 days ago - Use a multiple of 300 seconds (5 minutes).
Start time greater than 63 days ago - Use a multiple of 3600 seconds (1 hour).
AccountId (string) –
The ID of the account where this metric is located. If you are performing this operation in a monitoring account, use this to specify which source account to retrieve this metric from.
StartTime (datetime) –
The start time for the metric data included in this graph. When used in a raw HTTP Query API, it is formatted as epoch time in seconds.
EndTime (datetime) –
The end time for the metric data included in this graph. When used in a raw HTTP Query API, it is formatted as epoch time in seconds.
DependencyGraph (dict) –
A structure containing nodes and edges that represent the dependency relationships relevant to this audit finding, helping to understand the context and potential impact.
Nodes (list) –
An array of nodes representing the services, resources, or other entities in the dependency graph.
(dict) –
A structure that represents a node in a dependency graph, containing information about a service, resource, or other entity and its characteristics.
KeyAttributes (dict) –
The key attributes that identify this node, including Type, Name, and Environment information.
(string) –
(string) –
Name (string) –
The name of the entity represented by this node.
NodeId (string) –
A unique identifier for this node within the dependency graph.
Operation (string) –
The operation associated with this node, if applicable.
Type (string) –
The type of entity represented by this node, such as
Service
orResource
.Duration (float) –
The duration or processing time associated with this node, if applicable.
Status (string) –
The status of the entity represented by this node.
Edges (list) –
An array of edges representing the connections and relationships between the nodes in the dependency graph.
(dict) –
A structure that represents a connection between two nodes in a dependency graph, showing the relationship and characteristics of the connection.
SourceNodeId (string) –
The identifier of the source node in this edge connection.
DestinationNodeId (string) –
The identifier of the destination node in this edge connection.
Duration (float) –
The duration or latency associated with this connection, if applicable.
ConnectionType (string) –
The type of connection between the nodes, indicating the nature of the relationship.
Type (string) –
The type of audit finding.
NextToken (string) –
Include this value in your next use of this API to get the next set of audit findings.
Exceptions
CloudWatchApplicationSignals.Client.exceptions.ValidationException
CloudWatchApplicationSignals.Client.exceptions.ThrottlingException