CloudWatchApplicationSignals / Client / list_audit_findings
list_audit_findings¶
- CloudWatchApplicationSignals.Client.list_audit_findings(**kwargs)¶
Retrieves a list of audit findings for Application Signals resources. Audit findings identify potential issues, misconfigurations, or compliance violations in your observability setup.
You can filter findings by time range, auditor type, and target resources to focus on specific areas of concern. This operation supports pagination for large result sets.
See also: AWS API Documentation
Request Syntax
response = client.list_audit_findings( StartTime=datetime(2015, 1, 1), EndTime=datetime(2015, 1, 1), Auditors=[ 'string', ], AuditTargets=[ { 'Type': 'string', 'Data': { 'Service': { 'Type': 'string', 'Name': 'string', 'Environment': 'string', 'AwsAccountId': 'string' }, 'Slo': { 'SloName': 'string', 'SloArn': 'string' }, 'ServiceOperation': { 'Service': { 'Type': 'string', 'Name': 'string', 'Environment': 'string', 'AwsAccountId': 'string' }, 'Operation': 'string', 'MetricType': 'string' }, 'Canary': { 'CanaryName': 'string' } } }, ], NextToken='string', MaxResults=123 )
- Parameters:
StartTime (datetime) –
[REQUIRED]
The start time for the audit findings query. Only findings created on or after this time will be included in the results. Specify the time as the number of milliseconds since January 1, 1970, 00:00:00 UTC.
EndTime (datetime) –
[REQUIRED]
The end time for the audit findings query. Only findings created before this time will be included in the results. Specify the time as the number of milliseconds since January 1, 1970, 00:00:00 UTC.
Auditors (list) –
An array of auditor names to filter the findings. Only findings generated by the specified auditors will be returned. When not specified, findings from all auditors are included except canary.
(string) –
AuditTargets (list) –
[REQUIRED]
An array of audit target specifications to filter the findings. Only findings related to the specified targets (such as specific services, SLOs, operations or canary) will be returned.
(dict) –
Specifies a target resource for auditing, such as a service, SLO, or operation.
Type (string) – [REQUIRED]
The type of resource being targeted for audit, such as “Service”, “SLO”, “ServiceOperation”, or “Canary”.
Data (dict) – [REQUIRED]
The specific data or entity information for the audit target, containing details needed to identify and examine the resource.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
Service,Slo,ServiceOperation,Canary.Service (dict) –
Service entity information when the audit target is a service.
Type (string) –
The type of service, such as “WebService”, “Database”, “Queue”, or “Function”.
Name (string) –
The name of the service as identified by Application Signals.
Environment (string) –
The environment where the service is deployed, such as “Production”, “Staging”, or “Development”.
AwsAccountId (string) –
The AWS account ID where the service is deployed.
Slo (dict) –
Service Level Objective entity information when the audit target is an SLO.
SloName (string) –
The name of the Service Level Objective.
SloArn (string) –
The Amazon Resource Name (ARN) of the Service Level Objective.
ServiceOperation (dict) –
Service operation entity information when the audit target is a specific operation within a service.
Service (dict) –
The service entity that contains this operation.
Type (string) –
The type of service, such as “WebService”, “Database”, “Queue”, or “Function”.
Name (string) –
The name of the service as identified by Application Signals.
Environment (string) –
The environment where the service is deployed, such as “Production”, “Staging”, or “Development”.
AwsAccountId (string) –
The AWS account ID where the service is deployed.
Operation (string) –
The name of the specific operation within the service.
MetricType (string) –
The type of metric associated with this service operation, such as “Latency”, “ErrorRate”, or “Throughput”.
Canary (dict) –
Canary entity information when the audit target is a CloudWatch Synthetics canary.
CanaryName (string) – [REQUIRED]
The name of the CloudWatch Synthetics canary.
NextToken (string) – The token for the next set of results. Use this token to retrieve additional pages of audit findings when the result set is large.
MaxResults (integer) – The maximum number of audit findings to return in a single request. Valid range is 1 to 100. If not specified, defaults to 50.
- Return type:
dict
- Returns:
Response Syntax
{ 'AuditFindings': [ { 'KeyAttributes': { 'string': 'string' }, 'AuditorResults': [ { 'Auditor': 'string', 'Description': 'string', 'Severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'NONE' }, ], 'Operation': 'string', 'MetricGraph': { 'MetricDataQueries': [ { 'Id': 'string', 'MetricStat': { 'Metric': { 'Namespace': 'string', 'MetricName': 'string', 'Dimensions': [ { 'Name': 'string', 'Value': 'string' }, ] }, 'Period': 123, 'Stat': 'string', 'Unit': 'Microseconds'|'Milliseconds'|'Seconds'|'Bytes'|'Kilobytes'|'Megabytes'|'Gigabytes'|'Terabytes'|'Bits'|'Kilobits'|'Megabits'|'Gigabits'|'Terabits'|'Percent'|'Count'|'Bytes/Second'|'Kilobytes/Second'|'Megabytes/Second'|'Gigabytes/Second'|'Terabytes/Second'|'Bits/Second'|'Kilobits/Second'|'Megabits/Second'|'Gigabits/Second'|'Terabits/Second'|'Count/Second'|'None' }, 'Expression': 'string', 'Label': 'string', 'ReturnData': True|False, 'Period': 123, 'AccountId': 'string' }, ], 'StartTime': datetime(2015, 1, 1), 'EndTime': datetime(2015, 1, 1) }, 'DependencyGraph': { 'Nodes': [ { 'KeyAttributes': { 'string': 'string' }, 'Name': 'string', 'NodeId': 'string', 'Operation': 'string', 'Type': 'string', 'Duration': 123.0, 'Status': 'string' }, ], 'Edges': [ { 'SourceNodeId': 'string', 'DestinationNodeId': 'string', 'Duration': 123.0, 'ConnectionType': 'INDIRECT'|'DIRECT' }, ] }, 'Type': 'string' }, ], 'NextToken': 'string' }
Response Structure
(dict) –
AuditFindings (list) –
An array of audit findings that match the specified criteria. Each finding includes details about the issue, affected resources, and auditor results.
(dict) –
Represents an audit finding that identifies a potential issue, misconfiguration, or compliance violation in Application Signals resources.
KeyAttributes (dict) –
A map of key attributes that identify the resource associated with this audit finding. These attributes help locate and understand the context of the finding.
(string) –
(string) –
AuditorResults (list) –
An array of results from different auditors that examined the resource. Each result includes the auditor name, description, and severity level.
(dict) –
Represents the result of an audit performed by a specific auditor on a resource.
Auditor (string) –
The name or identifier of the auditor that performed the examination and generated this result.
Description (string) –
A detailed description of what the auditor found, including any recommendations for remediation or further investigation.
Severity (string) –
The severity level of the finding, such as “Critical”, “High”, “Medium”, or “Low”. This helps prioritize remediation efforts.
Operation (string) –
The operation or action that was being audited when this finding was discovered. This provides context about what was being examined.
MetricGraph (dict) –
A metric graph associated with the audit finding, showing relevant performance data that may be related to the identified issue.
MetricDataQueries (list) –
An array of metric data queries that define what metrics to display in the graph. Each query specifies the metric source, aggregation, and time range.
(dict) –
Use this structure to define a metric or metric math expression that you want to use as for a service level objective.
Each
MetricDataQueryin theMetricDataQueriesarray specifies either a metric to retrieve, or a metric math expression to be performed on retrieved metrics. A singleMetricDataQueriesarray can include as many as 20MetricDataQuerystructures in the array. The 20 structures can include as many as 10 structures that contain aMetricStatparameter to retrieve a metric, and as many as 10 structures that contain theExpressionparameter to perform a math expression. Of thoseExpressionstructures, exactly one must have true as the value forReturnData. The result of this expression used for the SLO.For more information about metric math expressions, see CloudWatchUse metric math.
Within each
MetricDataQueryobject, you must specify eitherExpressionorMetricStatbut not both.Id (string) –
A short name used to tie this object to the results in the response. This
Idmust be unique within aMetricDataQueriesarray. If you are performing math expressions on this set of data, this name represents that data and can serve as a variable in the metric math expression. The valid characters are letters, numbers, and underscore. The first character must be a lowercase letter.MetricStat (dict) –
A metric to be used directly for the SLO, or to be used in the math expression that will be used for the SLO.
Within one
MetricDataQueryobject, you must specify eitherExpressionorMetricStatbut not both.Metric (dict) –
The metric to use as the service level indicator, including the metric name, namespace, and dimensions.
Namespace (string) –
The namespace of the metric. For more information, see Namespaces.
MetricName (string) –
The name of the metric to use.
Dimensions (list) –
An array of one or more dimensions to use to define the metric that you want to use. For more information, see Dimensions.
(dict) –
A dimension is a name/value pair that is part of the identity of a metric. Because dimensions are part of the unique identifier for a metric, whenever you add a unique name/value pair to one of your metrics, you are creating a new variation of that metric. For example, many Amazon EC2 metrics publish
InstanceIdas a dimension name, and the actual instance ID as the value for that dimension.You can assign up to 30 dimensions to a metric.
Name (string) –
The name of the dimension. Dimension names must contain only ASCII characters, must include at least one non-whitespace character, and cannot start with a colon (
:). ASCII control characters are not supported as part of dimension names.Value (string) –
The value of the dimension. Dimension values must contain only ASCII characters and must include at least one non-whitespace character. ASCII control characters are not supported as part of dimension values.
Period (integer) –
The granularity, in seconds, to be used for the metric. For metrics with regular resolution, a period can be as short as one minute (60 seconds) and must be a multiple of 60. For high-resolution metrics that are collected at intervals of less than one minute, the period can be 1, 5, 10, 30, 60, or any multiple of 60. High-resolution metrics are those metrics stored by a
PutMetricDatacall that includes aStorageResolutionof 1 second.Stat (string) –
The statistic to use for comparison to the threshold. It can be any CloudWatch statistic or extended statistic. For more information about statistics, see CloudWatch statistics definitions.
Unit (string) –
If you omit
Unitthen all data that was collected with any unit is returned, along with the corresponding units that were specified when the data was reported to CloudWatch. If you specify a unit, the operation returns only data that was collected with that unit specified. If you specify a unit that does not match the data collected, the results of the operation are null. CloudWatch does not perform unit conversions.
Expression (string) –
This field can contain a metric math expression to be performed on the other metrics that you are retrieving within this
MetricDataQueriesstructure.A math expression can use the
Idof the other metrics or queries to refer to those metrics, and can also use theIdof other expressions to use the result of those expressions. For more information about metric math expressions, see Metric Math Syntax and Functions in the Amazon CloudWatch User Guide.Within each
MetricDataQueryobject, you must specify eitherExpressionorMetricStatbut not both.Label (string) –
A human-readable label for this metric or expression. This is especially useful if this is an expression, so that you know what the value represents. If the metric or expression is shown in a CloudWatch dashboard widget, the label is shown. If
Labelis omitted, CloudWatch generates a default.You can put dynamic expressions into a label, so that it is more descriptive. For more information, see Using Dynamic Labels.
ReturnData (boolean) –
Use this only if you are using a metric math expression for the SLO. Specify
trueforReturnDatafor only the one expression result to use as the alarm. For all other metrics and expressions in the sameCreateServiceLevelObjectiveoperation, specifyReturnDataasfalse.Period (integer) –
The granularity, in seconds, of the returned data points for this metric. For metrics with regular resolution, a period can be as short as one minute (60 seconds) and must be a multiple of 60. For high-resolution metrics that are collected at intervals of less than one minute, the period can be 1, 5, 10, 30, 60, or any multiple of 60. High-resolution metrics are those metrics stored by a
PutMetricDatacall that includes aStorageResolutionof 1 second.If the
StartTimeparameter specifies a time stamp that is greater than 3 hours ago, you must specify the period as follows or no data points in that time range is returned:Start time between 3 hours and 15 days ago - Use a multiple of 60 seconds (1 minute).
Start time between 15 and 63 days ago - Use a multiple of 300 seconds (5 minutes).
Start time greater than 63 days ago - Use a multiple of 3600 seconds (1 hour).
AccountId (string) –
The ID of the account where this metric is located. If you are performing this operation in a monitoring account, use this to specify which source account to retrieve this metric from.
StartTime (datetime) –
The start time for the metric data displayed in the graph, expressed as the number of milliseconds since January 1, 1970, 00:00:00 UTC.
EndTime (datetime) –
The end time for the metric data displayed in the graph, expressed as the number of milliseconds since January 1, 1970, 00:00:00 UTC.
DependencyGraph (dict) –
A dependency graph showing the relationships between services that may be affected by or related to the audit finding.
Nodes (list) –
An array of nodes in the dependency graph, where each node represents a service or component.
(dict) –
Represents a node in a dependency graph, typically corresponding to a service or component in your application architecture.
KeyAttributes (dict) –
A map of key attributes that identify and describe the node, such as service name, environment, and other metadata.
(string) –
(string) –
Name (string) –
The display name of the node, typically the service or component name.
NodeId (string) –
A unique identifier for the node within the dependency graph.
Operation (string) –
The specific operation or endpoint within the service that this node represents, if applicable.
Type (string) –
The type of node, such as “Service”, “Database”, “Queue”, or “External”.
Duration (float) –
The typical response time or processing duration for this node, measured in milliseconds.
Status (string) –
The current health status of the node, such as “Healthy”, “Warning”, or “Critical”.
Edges (list) –
An array of edges in the dependency graph, where each edge represents a connection or dependency between two nodes.
(dict) –
Represents a connection between two nodes in a dependency graph, showing how services or components interact with each other.
SourceNodeId (string) –
The identifier of the source node in the dependency relationship.
DestinationNodeId (string) –
The identifier of the destination node in the dependency relationship.
Duration (float) –
The typical duration or latency of interactions along this edge, measured in milliseconds.
ConnectionType (string) –
The type of connection between the nodes, such as “HTTP”, “Database”, “Queue”, or “Internal”.
Type (string) –
The type or category of the audit finding, such as “Performance”, “Security”, or “Configuration”.
NextToken (string) –
The token to use for retrieving the next page of results. This value is present only if there are more results available than were returned in the current response.
Exceptions
CloudWatchApplicationSignals.Client.exceptions.ValidationExceptionCloudWatchApplicationSignals.Client.exceptions.ThrottlingException