UpdateCase
Updates an existing case.
Request Syntax
POST /v1/cases/caseId/update-case HTTP/1.1
Content-type: application/json
{
"actualIncidentStartDate": number,
"description": "string",
"engagementType": "string",
"impactedAccountsToAdd": [ "string" ],
"impactedAccountsToDelete": [ "string" ],
"impactedAwsRegionsToAdd": [
{
"region": "string"
}
],
"impactedAwsRegionsToDelete": [
{
"region": "string"
}
],
"impactedServicesToAdd": [ "string" ],
"impactedServicesToDelete": [ "string" ],
"reportedIncidentStartDate": number,
"threatActorIpAddressesToAdd": [
{
"ipAddress": "string",
"userAgent": "string"
}
],
"threatActorIpAddressesToDelete": [
{
"ipAddress": "string",
"userAgent": "string"
}
],
"title": "string",
"watchersToAdd": [
{
"email": "string",
"jobTitle": "string",
"name": "string"
}
],
"watchersToDelete": [
{
"email": "string",
"jobTitle": "string",
"name": "string"
}
]
}URI Request Parameters
The request uses the following URI parameters.
- caseId
-
Required element for UpdateCase to identify the case ID for updates.
Length Constraints: Minimum length of 10. Maximum length of 32.
Pattern:
\d{10,32}.*Required: Yes
Request Body
The request accepts the following data in JSON format.
- actualIncidentStartDate
-
Optional element for UpdateCase to provide content for the incident start date field.
Type: Timestamp
Required: No
- description
-
Optional element for UpdateCase to provide content for the description field.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 8000.
Required: No
- engagementType
-
Optional element for UpdateCase to provide content for the engagement type field.
Available engagement types include Security Incident | Investigation.Type: String
Valid Values:
Security Incident | InvestigationRequired: No
- impactedAccountsToAdd
-
Optional element for UpdateCase to provide content to add accounts impacted.
Note
AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be
123123123which is nine digits, and with zero-prepend would be000123123123. Not zero-prepending to 12 digits could result in errors.Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 200 items.
Length Constraints: Fixed length of 12.
Pattern:
[0-9]{12}Required: No
- impactedAccountsToDelete
-
Optional element for UpdateCase to provide content to add accounts impacted.
Note
AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be
123123123which is nine digits, and with zero-prepend would be000123123123. Not zero-prepending to 12 digits could result in errors.Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 200 items.
Length Constraints: Fixed length of 12.
Pattern:
[0-9]{12}Required: No
- impactedAwsRegionsToAdd
-
Optional element for UpdateCase to provide content to add regions impacted.
Type: Array of ImpactedAwsRegion objects
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Required: No
- impactedAwsRegionsToDelete
-
Optional element for UpdateCase to provide content to remove regions impacted.
Type: Array of ImpactedAwsRegion objects
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Required: No
- impactedServicesToAdd
-
Optional element for UpdateCase to provide content to add services impacted.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 600 items.
Length Constraints: Minimum length of 3. Maximum length of 50.
Pattern:
[a-zA-Z0-9 -.():]+Required: No
- impactedServicesToDelete
-
Optional element for UpdateCase to provide content to remove services impacted.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 600 items.
Length Constraints: Minimum length of 3. Maximum length of 50.
Pattern:
[a-zA-Z0-9 -.():]+Required: No
- reportedIncidentStartDate
-
Optional element for UpdateCase to provide content for the customer reported incident start date field.
Type: Timestamp
Required: No
- threatActorIpAddressesToAdd
-
Optional element for UpdateCase to provide content to add additional suspicious IP addresses related to a case.
Type: Array of ThreatActorIp objects
Array Members: Minimum number of 0 items. Maximum number of 200 items.
Required: No
- threatActorIpAddressesToDelete
-
Optional element for UpdateCase to provide content to remove suspicious IP addresses from a case.
Type: Array of ThreatActorIp objects
Array Members: Minimum number of 0 items. Maximum number of 200 items.
Required: No
- title
-
Optional element for UpdateCase to provide content for the title field.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 300.
Required: No
- watchersToAdd
-
Optional element for UpdateCase to provide content to add additional watchers to a case.
Type: Array of Watcher objects
Array Members: Minimum number of 0 items. Maximum number of 30 items.
Required: No
- watchersToDelete
-
Optional element for UpdateCase to provide content to remove existing watchers from a case.
Type: Array of Watcher objects
Array Members: Minimum number of 0 items. Maximum number of 30 items.
Required: No
Response Syntax
HTTP/1.1 200
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
HTTP Status Code: 403
- ConflictException
-
HTTP Status Code: 409
- InternalServerException
-
HTTP Status Code: 500
- InvalidTokenException
-
HTTP Status Code: 423
- ResourceNotFoundException
-
HTTP Status Code: 404
- SecurityIncidentResponseNotActiveException
-
HTTP Status Code: 400
- ServiceQuotaExceededException
-
HTTP Status Code: 402
- ThrottlingException
-
HTTP Status Code: 429
- ValidationException
-
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
