CreateSecurityProfile - AWS IoT
Request SyntaxURI Request ParametersRequest BodyResponse SyntaxResponse ElementsErrorsSee Also

CreateSecurityProfile

Creates a Device Defender security profile.

Requires permission to access the CreateSecurityProfile action.

Request Syntax

POST /security-profiles/securityProfileName HTTP/1.1
Content-type: application/json

{
   "additionalMetricsToRetain": [ "string" ],
   "additionalMetricsToRetainV2": [ 
      { 
         "exportMetric": boolean,
         "metric": "string",
         "metricDimension": { 
            "dimensionName": "string",
            "operator": "string"
         }
      }
   ],
   "alertTargets": { 
      "string" : { 
         "alertTargetArn": "string",
         "roleArn": "string"
      }
   },
   "behaviors": [ 
      { 
         "criteria": { 
            "comparisonOperator": "string",
            "consecutiveDatapointsToAlarm": number,
            "consecutiveDatapointsToClear": number,
            "durationSeconds": number,
            "mlDetectionConfig": { 
               "confidenceLevel": "string"
            },
            "statisticalThreshold": { 
               "statistic": "string"
            },
            "value": { 
               "cidrs": [ "string" ],
               "count": number,
               "number": number,
               "numbers": [ number ],
               "ports": [ number ],
               "strings": [ "string" ]
            }
         },
         "exportMetric": boolean,
         "metric": "string",
         "metricDimension": { 
            "dimensionName": "string",
            "operator": "string"
         },
         "name": "string",
         "suppressAlerts": boolean
      }
   ],
   "metricsExportConfig": { 
      "mqttTopic": "string",
      "roleArn": "string"
   },
   "securityProfileDescription": "string",
   "tags": [ 
      { 
         "Key": "string",
         "Value": "string"
      }
   ]
}

URI Request Parameters

The request uses the following URI parameters.

securityProfileName

The name you are giving to the security profile.

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [a-zA-Z0-9:_-]+

Required: Yes

Request Body

The request accepts the following data in JSON format.

additionalMetricsToRetain

This parameter has been deprecated.

Please use CreateSecurityProfile:additionalMetricsToRetainV2 instead.

A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors, but it is also retained for any metric specified here. Can be used with custom metrics; cannot be used with dimensions.

Type: Array of strings

Required: No

additionalMetricsToRetainV2

A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors, but it is also retained for any metric specified here. Can be used with custom metrics; cannot be used with dimensions.

Type: Array of MetricToRetain objects

Required: No

alertTargets

Specifies the destinations to which alerts are sent. (Alerts are always sent to the console.) Alerts are generated when a device (thing) violates a behavior.

Type: String to AlertTarget object map

Valid Keys: SNS

Required: No

behaviors

Specifies the behaviors that, when violated by a device (thing), cause an alert.

Type: Array of Behavior objects

Array Members: Maximum number of 100 items.

Required: No

metricsExportConfig

Specifies the MQTT topic and role ARN required for metric export.

Type: MetricsExportConfig object

Required: No

securityProfileDescription

A description of the security profile.

Type: String

Length Constraints: Maximum length of 1000.

Pattern: [\p{Graph}\x20]*

Required: No

tags

Metadata that can be used to manage the security profile.

Type: Array of Tag objects

Required: No

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "securityProfileArn": "string",
   "securityProfileName": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

securityProfileArn

The ARN of the security profile.

Type: String

securityProfileName

The name you gave to the security profile.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [a-zA-Z0-9:_-]+

Errors

InternalFailureException

An unexpected error has occurred.

message

The message for the exception.

HTTP Status Code: 500

InvalidRequestException

The request is not valid.

message

The message for the exception.

HTTP Status Code: 400

ResourceAlreadyExistsException

The resource already exists.

message

The message for the exception.

resourceArn

The ARN of the resource that caused the exception.

resourceId

The ID of the resource that caused the exception.

HTTP Status Code: 409

ThrottlingException

The rate exceeds the limit.

message

The message for the exception.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: