Note:

You are viewing the documentation for an older major version of the AWS CLI (version 1).

AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here. For more information see the AWS CLI version 2 installation instructions and migration guide.

[ aws . observabilityadmin ]

update-telemetry-rule-for-organization¶

Description¶

Updates an existing telemetry rule that applies across an Amazon Web Services Organization. This operation can only be called by the organization’s management account or a delegated administrator account.

Synopsis¶

  update-telemetry-rule-for-organization
--rule-identifier <value>
--rule <value>
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]

Options¶

--rule-identifier (string)

The identifier (name or ARN) of the organization telemetry rule to update.

--rule (structure)

The new configuration details for the organization telemetry rule, including resource type, telemetry type, and destination configuration.

ResourceType -> (string)

The type of Amazon Web Services resource to configure telemetry for (e.g., “AWS::EC2::VPC”, “AWS::EKS::Cluster”, “AWS::WAFv2::WebACL”).

TelemetryType -> (string)

The type of telemetry to collect (Logs, Metrics, or Traces).

TelemetrySourceTypes -> (list)

The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.

(string)

Specifies the type of telemetry source for a resource, such as EKS cluster logs.

DestinationConfiguration -> (structure)

Configuration specifying where and how the telemetry data should be delivered.

DestinationType -> (string)

The type of destination for the telemetry data (e.g., “Amazon CloudWatch Logs”, “S3”).

DestinationPattern -> (string)

The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.

RetentionInDays -> (integer)

The number of days to retain the telemetry data in the destination.

VPCFlowLogParameters -> (structure)

Configuration parameters specific to VPC Flow Logs when VPC is the resource type.

LogFormat -> (string)

The format in which VPC Flow Log entries should be logged.

TrafficType -> (string)

The type of traffic to log (ACCEPT, REJECT, or ALL).

MaxAggregationInterval -> (integer)

The maximum interval in seconds between the capture of flow log records.

CloudtrailParameters -> (structure)

Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.

AdvancedEventSelectors -> (list)

The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.

(structure)

Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.

Name -> (string)

An optional, descriptive name for an advanced event selector, such as “Log data events for only two S3 buckets”.

FieldSelectors -> (list)

Contains all selector statements in an advanced event selector.

(structure)

Defines criteria for selecting resources based on field values.

Field -> (string)

The name of the field to use for selection.

Equals -> (list)

Matches if the field value equals the specified value.

(string)

StartsWith -> (list)

Matches if the field value starts with the specified value.

(string)

EndsWith -> (list)

Matches if the field value ends with the specified value.

(string)

NotEquals -> (list)

Matches if the field value does not equal the specified value.

(string)

NotStartsWith -> (list)

Matches if the field value does not start with the specified value.

(string)

NotEndsWith -> (list)

Matches if the field value does not end with the specified value.

(string)

ELBLoadBalancerLoggingParameters -> (structure)

Configuration parameters specific to ELB load balancer logging when ELB is the resource type.

OutputFormat -> (string)

The format for ELB access log entries (plain text or JSON format).

FieldDelimiter -> (string)

The delimiter character used to separate fields in ELB access log entries when using plain text format.

WAFLoggingParameters -> (structure)

Configuration parameters specific to WAF logging when WAF is the resource type.

RedactedFields -> (list)

The fields to redact from WAF logs to protect sensitive information.

(structure)

Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.

SingleHeader -> (structure)

Redacts a specific header field by name from WAF logs.

Name -> (string)

The name value, limited to 64 characters.

UriPath -> (string)

Redacts the URI path from WAF logs.

QueryString -> (string)

Redacts the entire query string from WAF logs.

Method -> (string)

Redacts the HTTP method from WAF logs.

LoggingFilter -> (structure)

A filter configuration that determines which WAF log records to include or exclude.

Filters -> (list)

A list of filter conditions that determine log record handling behavior.

(structure)

A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.

Behavior -> (string)

The action to take for log records matching this filter (KEEP or DROP).

Requirement -> (string)

Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.

Conditions -> (list)

The list of conditions that determine if a log record matches this filter.

(structure)

A single condition that can match based on WAF rule action or label name.

ActionCondition -> (structure)

Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).

Action -> (string)

The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).

LabelNameCondition -> (structure)

Matches log records based on WAF rule labels applied to the request.

LabelName -> (string)

The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.

DefaultBehavior -> (string)

The default action (KEEP or DROP) for log records that don’t match any filter conditions.

LogType -> (string)

The type of WAF logs to collect (currently supports WAF_LOGS).

LogDeliveryParameters -> (structure)

Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.

LogTypes -> (list)

The type of log that the source is sending.

(string)

Scope -> (string)

The organizational scope to which the rule applies, specified using accounts or organizational units.

SelectionCriteria -> (string)

Criteria for selecting which resources the rule applies to, such as resource tags.

JSON Syntax:

{
  "ResourceType": "AWS::EC2::Instance"|"AWS::EC2::VPC"|"AWS::Lambda::Function"|"AWS::CloudTrail"|"AWS::EKS::Cluster"|"AWS::WAFv2::WebACL"|"AWS::ElasticLoadBalancingV2::LoadBalancer"|"AWS::Route53Resolver::ResolverEndpoint"|"AWS::BedrockAgentCore::Runtime"|"AWS::BedrockAgentCore::Browser"|"AWS::BedrockAgentCore::CodeInterpreter",
  "TelemetryType": "Logs"|"Metrics"|"Traces",
  "TelemetrySourceTypes": ["VPC_FLOW_LOGS"|"ROUTE53_RESOLVER_QUERY_LOGS"|"EKS_AUDIT_LOGS"|"EKS_AUTHENTICATOR_LOGS"|"EKS_CONTROLLER_MANAGER_LOGS"|"EKS_SCHEDULER_LOGS"|"EKS_API_LOGS", ...],
  "DestinationConfiguration": {
    "DestinationType": "cloud-watch-logs",
    "DestinationPattern": "string",
    "RetentionInDays": integer,
    "VPCFlowLogParameters": {
      "LogFormat": "string",
      "TrafficType": "string",
      "MaxAggregationInterval": integer
    },
    "CloudtrailParameters": {
      "AdvancedEventSelectors": [
        {
          "Name": "string",
          "FieldSelectors": [
            {
              "Field": "string",
              "Equals": ["string", ...],
              "StartsWith": ["string", ...],
              "EndsWith": ["string", ...],
              "NotEquals": ["string", ...],
              "NotStartsWith": ["string", ...],
              "NotEndsWith": ["string", ...]
            }
            ...
          ]
        }
        ...
      ]
    },
    "ELBLoadBalancerLoggingParameters": {
      "OutputFormat": "plain"|"json",
      "FieldDelimiter": "string"
    },
    "WAFLoggingParameters": {
      "RedactedFields": [
        {
          "SingleHeader": {
            "Name": "string"
          },
          "UriPath": "string",
          "QueryString": "string",
          "Method": "string"
        }
        ...
      ],
      "LoggingFilter": {
        "Filters": [
          {
            "Behavior": "KEEP"|"DROP",
            "Requirement": "MEETS_ALL"|"MEETS_ANY",
            "Conditions": [
              {
                "ActionCondition": {
                  "Action": "ALLOW"|"BLOCK"|"COUNT"|"CAPTCHA"|"CHALLENGE"|"EXCLUDED_AS_COUNT"
                },
                "LabelNameCondition": {
                  "LabelName": "string"
                }
              }
              ...
            ]
          }
          ...
        ],
        "DefaultBehavior": "KEEP"|"DROP"
      },
      "LogType": "WAF_LOGS"
    },
    "LogDeliveryParameters": {
      "LogTypes": ["APPLICATION_LOGS"|"USAGE_LOGS", ...]
    }
  },
  "Scope": "string",
  "SelectionCriteria": "string"
}

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

Global Options¶

--debug (boolean)

Turn on debug logging.

--endpoint-url (string)

Override command’s default URL with the given URL.

--no-verify-ssl (boolean)

By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.

--no-paginate (boolean)

Disable automatic pagination. If automatic pagination is disabled, the AWS CLI will only make one call, for the first page of results.

--output (string)

The formatting style for command output.

json
text
table

--query (string)

A JMESPath query to use in filtering the response data.

--profile (string)

Use a specific profile from your credential file.

--region (string)

The region to use. Overrides config/env settings.

--version (string)

Display the version of this tool.

--color (string)

Turn on/off color output.

on
off
auto

--no-sign-request (boolean)

Do not sign requests. Credentials will not be loaded if this argument is provided.

--ca-bundle (string)

The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.

--cli-read-timeout (int)

The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.

--cli-connect-timeout (int)

The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.

Output¶

RuleArn -> (string)

The Amazon Resource Name (ARN) of the updated organization telemetry rule.

Table of Contents

Feedback

User Guide