[ aws . observabilityadmin ]

create-telemetry-rule-for-organization

Description

Creates a telemetry rule that applies across an Amazon Web Services Organization. This operation can only be called by the organization’s management account or a delegated administrator account.

See also: AWS API Documentation

Synopsis

  create-telemetry-rule-for-organization
--rule-name <value>
--rule <value>
[--tags <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Options

--rule-name (string) [required]

A unique name for the organization-wide telemetry rule being created.

Constraints:

  • min: 1
  • max: 100
  • pattern: [0-9A-Za-z-_.#/]+

--rule (structure) [required]

The configuration details for the organization-wide telemetry rule, including the resource type, telemetry type, destination configuration, and selection criteria for which resources the rule applies to across the organization.

ResourceType -> (string)

The type of Amazon Web Services resource to configure telemetry for (e.g., “AWS::EC2::VPC”, “AWS::EKS::Cluster”, “AWS::WAFv2::WebACL”).

Possible values:

  • AWS::EC2::Instance
  • AWS::EC2::VPC
  • AWS::Lambda::Function
  • AWS::CloudTrail
  • AWS::EKS::Cluster
  • AWS::WAFv2::WebACL
  • AWS::ElasticLoadBalancingV2::LoadBalancer
  • AWS::Route53Resolver::ResolverEndpoint
  • AWS::BedrockAgentCore::Runtime
  • AWS::BedrockAgentCore::Browser
  • AWS::BedrockAgentCore::CodeInterpreter

TelemetryType -> (string) [required]

The type of telemetry to collect (Logs, Metrics, or Traces).

Possible values:

  • Logs
  • Metrics
  • Traces

TelemetrySourceTypes -> (list)

The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.

(string)

Specifies the type of telemetry source for a resource, such as EKS cluster logs.

Possible values:

  • VPC_FLOW_LOGS
  • ROUTE53_RESOLVER_QUERY_LOGS
  • EKS_AUDIT_LOGS
  • EKS_AUTHENTICATOR_LOGS
  • EKS_CONTROLLER_MANAGER_LOGS
  • EKS_SCHEDULER_LOGS
  • EKS_API_LOGS

DestinationConfiguration -> (structure)

Configuration specifying where and how the telemetry data should be delivered.

DestinationType -> (string)

The type of destination for the telemetry data (e.g., “Amazon CloudWatch Logs”, “S3”).

Possible values:

  • cloud-watch-logs

DestinationPattern -> (string)

The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.

RetentionInDays -> (integer)

The number of days to retain the telemetry data in the destination.

Constraints:

  • min: 1
  • max: 3653

VPCFlowLogParameters -> (structure)

Configuration parameters specific to VPC Flow Logs when VPC is the resource type.

LogFormat -> (string)

The format in which VPC Flow Log entries should be logged.

TrafficType -> (string)

The type of traffic to log (ACCEPT, REJECT, or ALL).

MaxAggregationInterval -> (integer)

The maximum interval in seconds between the capture of flow log records.

CloudtrailParameters -> (structure)

Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.

AdvancedEventSelectors -> (list) [required]

The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.

(structure)

Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.

Name -> (string)

An optional, descriptive name for an advanced event selector, such as “Log data events for only two S3 buckets”.

FieldSelectors -> (list) [required]

Contains all selector statements in an advanced event selector.

(structure)

Defines criteria for selecting resources based on field values.

Field -> (string) [required]

The name of the field to use for selection.

Equals -> (list)

Matches if the field value equals the specified value.

(string)

StartsWith -> (list)

Matches if the field value starts with the specified value.

(string)

EndsWith -> (list)

Matches if the field value ends with the specified value.

(string)

NotEquals -> (list)

Matches if the field value does not equal the specified value.

(string)

NotStartsWith -> (list)

Matches if the field value does not start with the specified value.

(string)

NotEndsWith -> (list)

Matches if the field value does not end with the specified value.

(string)

ELBLoadBalancerLoggingParameters -> (structure)

Configuration parameters specific to ELB load balancer logging when ELB is the resource type.

OutputFormat -> (string)

The format for ELB access log entries (plain text or JSON format).

Possible values:

  • plain
  • json

FieldDelimiter -> (string)

The delimiter character used to separate fields in ELB access log entries when using plain text format.

WAFLoggingParameters -> (structure)

Configuration parameters specific to WAF logging when WAF is the resource type.

RedactedFields -> (list)

The fields to redact from WAF logs to protect sensitive information.

Constraints:

  • min: 0
  • max: 100

(structure)

Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.

SingleHeader -> (structure)

Redacts a specific header field by name from WAF logs.

Name -> (string)

The name value, limited to 64 characters.

Constraints:

  • min: 1
  • max: 64

UriPath -> (string)

Redacts the URI path from WAF logs.

QueryString -> (string)

Redacts the entire query string from WAF logs.

Method -> (string)

Redacts the HTTP method from WAF logs.

LoggingFilter -> (structure)

A filter configuration that determines which WAF log records to include or exclude.

Filters -> (list)

A list of filter conditions that determine log record handling behavior.

Constraints:

  • min: 1

(structure)

A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.

Behavior -> (string)

The action to take for log records matching this filter (KEEP or DROP).

Possible values:

  • KEEP
  • DROP

Requirement -> (string)

Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.

Possible values:

  • MEETS_ALL
  • MEETS_ANY

Conditions -> (list)

The list of conditions that determine if a log record matches this filter.

Constraints:

  • min: 1

(structure)

A single condition that can match based on WAF rule action or label name.

ActionCondition -> (structure)

Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).

Action -> (string)

The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).

Possible values:

  • ALLOW
  • BLOCK
  • COUNT
  • CAPTCHA
  • CHALLENGE
  • EXCLUDED_AS_COUNT

LabelNameCondition -> (structure)

Matches log records based on WAF rule labels applied to the request.

LabelName -> (string)

The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.

Constraints:

  • min: 1
  • max: 1024
  • pattern: [0-9A-Za-z_\-:]+

DefaultBehavior -> (string)

The default action (KEEP or DROP) for log records that don’t match any filter conditions.

Possible values:

  • KEEP
  • DROP

LogType -> (string)

The type of WAF logs to collect (currently supports WAF_LOGS).

Possible values:

  • WAF_LOGS

LogDeliveryParameters -> (structure)

Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.

LogTypes -> (list)

The type of log that the source is sending.

(string)

Possible values:

  • APPLICATION_LOGS
  • USAGE_LOGS

Scope -> (string)

The organizational scope to which the rule applies, specified using accounts or organizational units.

SelectionCriteria -> (string)

Criteria for selecting which resources the rule applies to, such as resource tags.

JSON Syntax:

{
  "ResourceType": "AWS::EC2::Instance"|"AWS::EC2::VPC"|"AWS::Lambda::Function"|"AWS::CloudTrail"|"AWS::EKS::Cluster"|"AWS::WAFv2::WebACL"|"AWS::ElasticLoadBalancingV2::LoadBalancer"|"AWS::Route53Resolver::ResolverEndpoint"|"AWS::BedrockAgentCore::Runtime"|"AWS::BedrockAgentCore::Browser"|"AWS::BedrockAgentCore::CodeInterpreter",
  "TelemetryType": "Logs"|"Metrics"|"Traces",
  "TelemetrySourceTypes": ["VPC_FLOW_LOGS"|"ROUTE53_RESOLVER_QUERY_LOGS"|"EKS_AUDIT_LOGS"|"EKS_AUTHENTICATOR_LOGS"|"EKS_CONTROLLER_MANAGER_LOGS"|"EKS_SCHEDULER_LOGS"|"EKS_API_LOGS", ...],
  "DestinationConfiguration": {
    "DestinationType": "cloud-watch-logs",
    "DestinationPattern": "string",
    "RetentionInDays": integer,
    "VPCFlowLogParameters": {
      "LogFormat": "string",
      "TrafficType": "string",
      "MaxAggregationInterval": integer
    },
    "CloudtrailParameters": {
      "AdvancedEventSelectors": [
        {
          "Name": "string",
          "FieldSelectors": [
            {
              "Field": "string",
              "Equals": ["string", ...],
              "StartsWith": ["string", ...],
              "EndsWith": ["string", ...],
              "NotEquals": ["string", ...],
              "NotStartsWith": ["string", ...],
              "NotEndsWith": ["string", ...]
            }
            ...
          ]
        }
        ...
      ]
    },
    "ELBLoadBalancerLoggingParameters": {
      "OutputFormat": "plain"|"json",
      "FieldDelimiter": "string"
    },
    "WAFLoggingParameters": {
      "RedactedFields": [
        {
          "SingleHeader": {
            "Name": "string"
          },
          "UriPath": "string",
          "QueryString": "string",
          "Method": "string"
        }
        ...
      ],
      "LoggingFilter": {
        "Filters": [
          {
            "Behavior": "KEEP"|"DROP",
            "Requirement": "MEETS_ALL"|"MEETS_ANY",
            "Conditions": [
              {
                "ActionCondition": {
                  "Action": "ALLOW"|"BLOCK"|"COUNT"|"CAPTCHA"|"CHALLENGE"|"EXCLUDED_AS_COUNT"
                },
                "LabelNameCondition": {
                  "LabelName": "string"
                }
              }
              ...
            ]
          }
          ...
        ],
        "DefaultBehavior": "KEEP"|"DROP"
      },
      "LogType": "WAF_LOGS"
    },
    "LogDeliveryParameters": {
      "LogTypes": ["APPLICATION_LOGS"|"USAGE_LOGS", ...]
    }
  },
  "Scope": "string",
  "SelectionCriteria": "string"
}

--tags (map)

The key-value pairs to associate with the organization telemetry rule resource for categorization and management purposes.

Constraints:

  • min: 1
  • max: 50

key -> (string)

Constraints:

  • min: 1
  • max: 128
  • pattern: ([\p{L}\p{Z}\p{N}_.:/=+\-@]*)

value -> (string)

Constraints:

  • min: 0
  • max: 256
  • pattern: ([\p{L}\p{Z}\p{N}_.:/=+\-@]*)

Shorthand Syntax:

KeyName1=string,KeyName2=string

JSON Syntax:

{"string": "string"
  ...}

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.

Global Options

--debug (boolean)

Turn on debug logging.

--endpoint-url (string)

Override command’s default URL with the given URL.

--no-verify-ssl (boolean)

By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option turns off that default certificate verification.

--no-paginate (boolean)

Disable automatic pagination. If automatic pagination is disabled, the AWS CLI will only make one call, for the first page of results.

--output (string)

The formatting style for command output.

  • json
  • text
  • table
  • yaml
  • yaml-stream

--query (string)

A JMESPath query to use in filtering the response data.

--profile (string)

Use a specific profile from your credential file.

--region (string)

The region to use. Overrides config/env settings.

--version (string)

Display the version of this tool.

--color (string)

Turn on/off color output.

  • on
  • off
  • auto

--no-sign-request (boolean)

Do not sign requests. Credentials will not be loaded if this argument is provided.

--ca-bundle (string)

The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.

--cli-read-timeout (int)

The maximum socket read time in seconds. If the value is set to 0, the socket read will block and not time out. The default value is 60 seconds.

--cli-connect-timeout (int)

The maximum socket connect time in seconds. If the value is set to 0, the socket connect will block and not time out. The default value is 60 seconds.

--cli-binary-format (string)

The formatting style to be used for binary blobs. The default format is base64. The base64 format expects binary blobs to be provided as a base64 encoded string. The raw-in-base64-out format preserves compatibility with AWS CLI V1 behavior and binary values must be passed literally. When providing contents from a file that map to a binary blob, fileb:// will always be treated as binary and use the file contents directly regardless of the cli-binary-format setting. When using file://, the file contents will need to be properly formatted for the configured cli-binary-format.

  • base64
  • raw-in-base64-out

--no-cli-pager (boolean)

Disable cli pager for output.

--cli-auto-prompt (boolean)

Automatically prompt for CLI input parameters.

--no-cli-auto-prompt (boolean)

Disable automatic prompting for CLI input parameters.

Output

RuleArn -> (string)

The Amazon Resource Name (ARN) of the created organization telemetry rule.

Constraints:

  • min: 1
  • max: 1011
  • pattern: arn:aws([a-z0-9\-]+)?:([a-zA-Z0-9\-]+):([a-z0-9\-]+)?:([0-9]{12})?:(.+)
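
Example

An added example, not part of the AWS documentation: a POSIX shell pre-flight that checks the --rule-name and RetentionInDays constraints listed above, builds a --rule document for organization-wide VPC flow logs, and only then calls the command. The function names, the rule name, the destination pattern and the 60-second aggregation interval are constructed for illustration.

```shell
#!/bin/sh
LC_ALL=C; export LC_ALL   # keep the bracket ranges below plain ASCII

# --rule-name: 1-100 characters drawn from [0-9A-Za-z-_.#/].
valid_rule_name() {
  [ "${#1}" -ge 1 ] && [ "${#1}" -le 100 ] || return 1
  case "$1" in *[!0-9A-Za-z_.#/-]*) return 1 ;; esac
}

# RetentionInDays: integer from 1 to 3653 (no leading zero, so it stays valid JSON).
valid_retention() {
  case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 4 ] && [ "$1" -ge 1 ] && [ "$1" -le 3653 ]
}

# Print the --rule structure. Args: traffic type, retention days, destination pattern.
build_vpc_flow_rule() {
  case "$1" in ACCEPT|REJECT|ALL) ;; *) echo "bad TrafficType: $1" >&2; return 1 ;; esac
  valid_retention "$2" || { echo "bad RetentionInDays: $2" >&2; return 1; }
  # The pattern is pasted into JSON, so refuse quotes and backslashes.
  case "$3" in ''|*[\"\\]*) echo "bad DestinationPattern" >&2; return 1 ;; esac
  cat <<EOF
{
  "ResourceType": "AWS::EC2::VPC",
  "TelemetryType": "Logs",
  "TelemetrySourceTypes": ["VPC_FLOW_LOGS"],
  "DestinationConfiguration": {
    "DestinationType": "cloud-watch-logs",
    "DestinationPattern": "$3",
    "RetentionInDays": $2,
    "VPCFlowLogParameters": {
      "TrafficType": "$1",
      "MaxAggregationInterval": 60
    }
  }
}
EOF
}

# Validate locally, then call the API from the management or delegated admin account.
create_org_vpc_flow_rule() {  # args: rule name, traffic type, retention, pattern
  valid_rule_name "$1" || { echo "bad rule name: $1" >&2; return 1; }
  rule=$(build_vpc_flow_rule "$2" "$3" "$4") || return 1
  aws observabilityadmin create-telemetry-rule-for-organization \
    --rule-name "$1" --rule "$rule" --query RuleArn --output text
}

# Constructed values, shown for illustration only:
# create_org_vpc_flow_rule org-vpc-flow-logs ALL 90 '/org/vpc-flow/<accountId>/<resourceId>'
```

Scope and SelectionCriteria are left out because this page documents them only as free-form strings; without them the rule document carries no narrowing criteria.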