AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here. For more information see the AWS CLI version 2 installation instructions and migration guide.
[ aws . stepfunctions ]
Updates an existing state machine by modifying its definition
, roleArn
, loggingConfiguration
, or EncryptionConfiguration
. Running executions will continue to use the previous definition
and roleArn
. You must include at least one of definition
or roleArn
or you will receive a MissingRequiredParameter
error.
A qualified state machine ARN refers to a Distributed Map state defined within a state machine. For example, the qualified state machine ARN arn:partition:states:region:account-id:stateMachine:stateMachineName/mapStateLabel
refers to a Distributed Map state with a label mapStateLabel
in the state machine named stateMachineName
.
A qualified state machine ARN can either refer to a Distributed Map state defined within a state machine, a version ARN, or an alias ARN.
The following are some examples of qualified and unqualified state machine ARNs:
mapStateLabel
in a state machine named myStateMachine
. arn:partition:states:region:account-id:stateMachine:myStateMachine/mapStateLabel
ValidationException
.PROD
. arn:<partition>:states:<region>:<account-id>:stateMachine:<myStateMachine:PROD>
myStateMachine
. arn:<partition>:states:<region>:<account-id>:stateMachine:<myStateMachine>
After you update your state machine, you can set the publish
parameter to true
in the same action to publish a new version . This way, you can opt-in to strict versioning of your state machine.
StartExecution
calls within a few seconds use the updated definition
and roleArn
. Executions started immediately after you call UpdateStateMachine
may use the previous state machine definition
and roleArn
.See also: AWS API Documentation
update-state-machine
--state-machine-arn <value>
[--definition <value>]
[--role-arn <value>]
[--logging-configuration <value>]
[--tracing-configuration <value>]
[--publish | --no-publish]
[--version-description <value>]
[--encryption-configuration <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
--state-machine-arn
(string)
The Amazon Resource Name (ARN) of the state machine.
--definition
(string)
The Amazon States Language definition of the state machine. See Amazon States Language .
--role-arn
(string)
The Amazon Resource Name (ARN) of the IAM role of the state machine.
--logging-configuration
(structure)
Use the
LoggingConfiguration
data type to set CloudWatch Logs options.level -> (string)
Defines which category of execution history events are logged.includeExecutionData -> (boolean)
Determines whether execution data is included in your log. When set tofalse
, data is excluded.destinations -> (list)
An array of objects that describes where your execution history events will be logged. Limited to size 1. Required, if your log level is not set to
OFF
.(structure)
cloudWatchLogsLogGroup -> (structure)
An object describing a CloudWatch log group. For more information, see AWS::Logs::LogGroup in the CloudFormation User Guide.
logGroupArn -> (string)
The ARN of the the CloudWatch log group to which you want your logs emitted to. The ARN must end with:*
JSON Syntax:
{
"level": "ALL"|"ERROR"|"FATAL"|"OFF",
"includeExecutionData": true|false,
"destinations": [
{
"cloudWatchLogsLogGroup": {
"logGroupArn": "string"
}
}
...
]
}
--tracing-configuration
(structure)
Selects whether X-Ray tracing is enabled.
enabled -> (boolean)
When set totrue
, X-Ray tracing is enabled.
Shorthand Syntax:
enabled=boolean
JSON Syntax:
{
"enabled": true|false
}
--publish
| --no-publish
(boolean)
Specifies whether the state machine version is published. The default isfalse
. To publish a version after updating the state machine, setpublish
totrue
.
--version-description
(string)
An optional description of the state machine version to publish.
You can only specify the
versionDescription
parameter if you've setpublish
totrue
.
--encryption-configuration
(structure)
Settings to configure server-side encryption.
kmsKeyId -> (string)
An alias, alias ARN, key ID, or key ARN of a symmetric encryption KMS key to encrypt data. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.kmsDataKeyReusePeriodSeconds -> (integer)
Maximum duration that Step Functions will reuse data keys. When the period expires, Step Functions will callGenerateDataKey
. Only applies to customer managed keys.type -> (string)
Encryption type
Shorthand Syntax:
kmsKeyId=string,kmsDataKeyReusePeriodSeconds=integer,type=string
JSON Syntax:
{
"kmsKeyId": "string",
"kmsDataKeyReusePeriodSeconds": integer,
"type": "AWS_OWNED_KEY"|"CUSTOMER_MANAGED_KMS_KEY"
}
--cli-input-json
(string)
Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
--debug
(boolean)
Turn on debug logging.
--endpoint-url
(string)
Override command's default URL with the given URL.
--no-verify-ssl
(boolean)
By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.
--no-paginate
(boolean)
Disable automatic pagination. If automatic pagination is disabled, the AWS CLI will only make one call, for the first page of results.
--output
(string)
The formatting style for command output.
--query
(string)
A JMESPath query to use in filtering the response data.
--profile
(string)
Use a specific profile from your credential file.
--region
(string)
The region to use. Overrides config/env settings.
--version
(string)
Display the version of this tool.
--color
(string)
Turn on/off color output.
--no-sign-request
(boolean)
Do not sign requests. Credentials will not be loaded if this argument is provided.
--ca-bundle
(string)
The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.
--cli-read-timeout
(int)
The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.
--cli-connect-timeout
(int)
The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.
updateDate -> (timestamp)
The date and time the state machine was updated.
revisionId -> (string)
The revision identifier for the updated state machine.
stateMachineVersionArn -> (string)
The Amazon Resource Name (ARN) of the published state machine version.
If the
publish
parameter isn't set totrue
, this field returns null.