This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS IoT **Resource types** + [AWS::IoT::AccountAuditConfiguration](aws-resource-iot-accountauditconfiguration.md) + [AWS::IoT::Authorizer](aws-resource-iot-authorizer.md) + [AWS::IoT::BillingGroup](aws-resource-iot-billinggroup.md) + [AWS::IoT::CACertificate](aws-resource-iot-cacertificate.md) + [AWS::IoT::Certificate](aws-resource-iot-certificate.md) + [AWS::IoT::CertificateProvider](aws-resource-iot-certificateprovider.md) + [AWS::IoT::Command](aws-resource-iot-command.md) + [AWS::IoT::CustomMetric](aws-resource-iot-custommetric.md) + [AWS::IoT::Dimension](aws-resource-iot-dimension.md) + [AWS::IoT::DomainConfiguration](aws-resource-iot-domainconfiguration.md) + [AWS::IoT::EncryptionConfiguration](aws-resource-iot-encryptionconfiguration.md) + [AWS::IoT::FleetMetric](aws-resource-iot-fleetmetric.md) + [AWS::IoT::JobTemplate](aws-resource-iot-jobtemplate.md) + [AWS::IoT::Logging](aws-resource-iot-logging.md) + [AWS::IoT::MitigationAction](aws-resource-iot-mitigationaction.md) + [AWS::IoT::Policy](aws-resource-iot-policy.md) + [AWS::IoT::PolicyPrincipalAttachment](aws-resource-iot-policyprincipalattachment.md) + [AWS::IoT::ProvisioningTemplate](aws-resource-iot-provisioningtemplate.md) + [AWS::IoT::ResourceSpecificLogging](aws-resource-iot-resourcespecificlogging.md) + [AWS::IoT::RoleAlias](aws-resource-iot-rolealias.md) + [AWS::IoT::ScheduledAudit](aws-resource-iot-scheduledaudit.md) + [AWS::IoT::SecurityProfile](aws-resource-iot-securityprofile.md) + [AWS::IoT::SoftwarePackage](aws-resource-iot-softwarepackage.md) + [AWS::IoT::SoftwarePackageVersion](aws-resource-iot-softwarepackageversion.md) + [AWS::IoT::Thing](aws-resource-iot-thing.md) + [AWS::IoT::ThingGroup](aws-resource-iot-thinggroup.md) + [AWS::IoT::ThingPrincipalAttachment](aws-resource-iot-thingprincipalattachment.md) + [AWS::IoT::ThingType](aws-resource-iot-thingtype.md) + [AWS::IoT::TopicRule](aws-resource-iot-topicrule.md) + [AWS::IoT::TopicRuleDestination](aws-resource-iot-topicruledestination.md) # AWS::IoT::AccountAuditConfiguration Use the `AWS::IoT::AccountAuditConfiguration` resource to configure or reconfigure the Device Defender audit settings for your account. Settings include how audit notifications are sent and which audit checks are enabled or disabled. For API reference, see [UpdateAccountAuditConfiguration](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateAccountAuditConfiguration.html) and for detailed information on all available audit checks, see [Audit checks](https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit-checks.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::AccountAuditConfiguration", "Properties" : { "[AccountId](#cfn-iot-accountauditconfiguration-accountid)" : String, "[AuditCheckConfigurations](#cfn-iot-accountauditconfiguration-auditcheckconfigurations)" : AuditCheckConfigurations, "[AuditNotificationTargetConfigurations](#cfn-iot-accountauditconfiguration-auditnotificationtargetconfigurations)" : AuditNotificationTargetConfigurations, "[RoleArn](#cfn-iot-accountauditconfiguration-rolearn)" : String } } ``` ### YAML ``` Type: AWS::IoT::AccountAuditConfiguration Properties: [AccountId](#cfn-iot-accountauditconfiguration-accountid): String [AuditCheckConfigurations](#cfn-iot-accountauditconfiguration-auditcheckconfigurations): AuditCheckConfigurations [AuditNotificationTargetConfigurations](#cfn-iot-accountauditconfiguration-auditnotificationtargetconfigurations): AuditNotificationTargetConfigurations [RoleArn](#cfn-iot-accountauditconfiguration-rolearn): String ``` ## Properties `AccountId` The ID of the account. You can use the expression `!Sub "${AWS::AccountId}"` to use your account ID. *Required*: Yes *Type*: String *Minimum*: `12` *Maximum*: `12` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `AuditCheckConfigurations` Specifies which audit checks are enabled and disabled for this account. Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the `Enabled:` key to `false`. If an enabled check is removed from the template, it will also be disabled. You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check. For more information on available audit checks see [AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html) *Required*: Yes *Type*: [AuditCheckConfigurations](aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AuditNotificationTargetConfigurations` Information about the targets to which audit notifications are sent. *Required*: No *Type*: [AuditNotificationTargetConfigurations](aws-properties-iot-accountauditconfiguration-auditnotificationtargetconfigurations.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit. *Required*: Yes *Type*: String *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the account ID. ## Examples ### #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Description": "Amazon Web Services IoT AccountAuditConfiguration Sample Template", "Resources": { "MyAccountAuditConfiguration": { "Type": "AWS::IoT::AccountAuditConfiguration", "Properties": { "AccountId": "${AWS::AccountId}", "AuditCheckConfigurations": { "AuthenticatedCognitoRoleOverlyPermissiveCheck": { "Enabled": true }, "CaCertificateExpiringCheck": { "Enabled": true }, "CaCertificateKeyQualityCheck": { "Enabled": true }, "ConflictingClientIdsCheck": { "Enabled": true }, "DeviceCertificateAgeCheck": { "Enabled": true, "Configuration": { "CertAgeThresholdInDays": 60 } }, "DeviceCertificateExpiringCheck": { "Enabled": true, "Configuration": { "CertExpirationThresholdInDays": 30 } }, "DeviceCertificateKeyQualityCheck": { "Enabled": true }, "DeviceCertificateSharedCheck": { "Enabled": true }, "IotPolicyOverlyPermissiveCheck": { "Enabled": true }, "IotRoleAliasAllowsAccessToUnusedServicesCheck": { "Enabled": true }, "IotRoleAliasOverlyPermissiveCheck": { "Enabled": true }, "LoggingDisabledCheck": { "Enabled": true }, "RevokedCaCertificateStillActiveCheck": { "Enabled": true }, "RevokedDeviceCertificateStillActiveCheck": { "Enabled": true }, "UnauthenticatedCognitoRoleOverlyPermissiveCheck": { "Enabled": true } }, "AuditNotificationTargetConfigurations": { "Sns": { "TargetArn": "arn:aws:sns:us-east-1:123456789012:AuditNotifications", "RoleArn": "arn:aws:iam::123456789012:role/RoleForIoTAuditNotifications", "Enabled": true } }, "RoleArn": "arn:aws:iam::123456789012:role/service-role/AWSIoTDeviceDefenderAudit" } } } } ``` #### YAML ``` AWSTemplateFormatVersion: '2010-09-09' Description: Amazon Web Services IoT AccountAuditConfiguration Sample Template Resources: MyAccountAuditConfiguration: Type: 'AWS::IoT::AccountAuditConfiguration' Properties: AccountId: !Sub '${AWS::AccountId}' AuditCheckConfigurations: AuthenticatedCognitoRoleOverlyPermissiveCheck: Enabled: true CaCertificateExpiringCheck: Enabled: true CaCertificateKeyQualityCheck: Enabled: true ConflictingClientIdsCheck: Enabled: true DeviceCertificateAgeCheck: Enabled: true Configuration: CertAgeThresholdInDays: 60 DeviceCertificateExpiringCheck: Enabled: true Configuration: CertExpirationThresholdInDays: 30 DeviceCertificateKeyQualityCheck: Enabled: true DeviceCertificateSharedCheck: Enabled: true IotPolicyOverlyPermissiveCheck: Enabled: true IotRoleAliasAllowsAccessToUnusedServicesCheck: Enabled: true IotRoleAliasOverlyPermissiveCheck: Enabled: true LoggingDisabledCheck: Enabled: true RevokedCaCertificateStillActiveCheck: Enabled: true RevokedDeviceCertificateStillActiveCheck: Enabled: true UnauthenticatedCognitoRoleOverlyPermissiveCheck: Enabled: true AuditNotificationTargetConfigurations: Sns: TargetArn: 'arn:aws:sns:us-east-1:123456789012:AuditNotifications' RoleArn: 'arn:aws:iam::123456789012:role/RoleForIoTAuditNotifications' Enabled: true RoleArn: 'arn:aws:iam::123456789012:role/service-role/AWSIoTDeviceDefenderAudit' ``` ## See also When you use CloudFormation to perform drift detection for `AccountAuditConfiguration`, it won't compare values that aren't part of the stack template. In `AccountAuditConfiguration`, specifying a configuration for every check is optional, and skipped checks are interpreted as disabled. To have accurate drift detection with CloudFormation, include configurations (enabled or disabled) for all the 14 audit checks in your template. For more information on the audit checks see [AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html). For more information, see [Detecting unmanaged configuration changes to stacks and resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html) in the *user guide*. # AWS::IoT::AccountAuditConfiguration AuditCheckConfiguration Which audit checks are enabled and disabled for this account. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Enabled](#cfn-iot-accountauditconfiguration-auditcheckconfiguration-enabled)" : Boolean } ``` ### YAML ``` [Enabled](#cfn-iot-accountauditconfiguration-auditcheckconfiguration-enabled): Boolean ``` ## Properties `Enabled` True if this audit check is enabled for this account. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations The types of audit checks that can be performed. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AuthenticatedCognitoRoleOverlyPermissiveCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-authenticatedcognitoroleoverlypermissivecheck)" : AuditCheckConfiguration, "[CaCertificateExpiringCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-cacertificateexpiringcheck)" : AuditCheckConfiguration, "[CaCertificateKeyQualityCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-cacertificatekeyqualitycheck)" : AuditCheckConfiguration, "[ConflictingClientIdsCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-conflictingclientidscheck)" : AuditCheckConfiguration, "[DeviceCertificateAgeCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificateagecheck)" : DeviceCertAgeAuditCheckConfiguration, "[DeviceCertificateExpiringCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificateexpiringcheck)" : DeviceCertExpirationAuditCheckConfiguration, "[DeviceCertificateKeyQualityCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificatekeyqualitycheck)" : AuditCheckConfiguration, "[DeviceCertificateSharedCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificatesharedcheck)" : AuditCheckConfiguration, "[IntermediateCaRevokedForActiveDeviceCertificatesCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-intermediatecarevokedforactivedevicecertificatescheck)" : AuditCheckConfiguration, "[IotPolicyOverlyPermissiveCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotpolicyoverlypermissivecheck)" : AuditCheckConfiguration, "[IoTPolicyPotentialMisConfigurationCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotpolicypotentialmisconfigurationcheck)" : AuditCheckConfiguration, "[IotRoleAliasAllowsAccessToUnusedServicesCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotrolealiasallowsaccesstounusedservicescheck)" : AuditCheckConfiguration, "[IotRoleAliasOverlyPermissiveCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotrolealiasoverlypermissivecheck)" : AuditCheckConfiguration, "[LoggingDisabledCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-loggingdisabledcheck)" : AuditCheckConfiguration, "[RevokedCaCertificateStillActiveCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-revokedcacertificatestillactivecheck)" : AuditCheckConfiguration, "[RevokedDeviceCertificateStillActiveCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-revokeddevicecertificatestillactivecheck)" : AuditCheckConfiguration, "[UnauthenticatedCognitoRoleOverlyPermissiveCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-unauthenticatedcognitoroleoverlypermissivecheck)" : AuditCheckConfiguration } ``` ### YAML ``` [AuthenticatedCognitoRoleOverlyPermissiveCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-authenticatedcognitoroleoverlypermissivecheck): AuditCheckConfiguration [CaCertificateExpiringCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-cacertificateexpiringcheck): AuditCheckConfiguration [CaCertificateKeyQualityCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-cacertificatekeyqualitycheck): AuditCheckConfiguration [ConflictingClientIdsCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-conflictingclientidscheck): AuditCheckConfiguration [DeviceCertificateAgeCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificateagecheck): DeviceCertAgeAuditCheckConfiguration [DeviceCertificateExpiringCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificateexpiringcheck): DeviceCertExpirationAuditCheckConfiguration [DeviceCertificateKeyQualityCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificatekeyqualitycheck): AuditCheckConfiguration [DeviceCertificateSharedCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificatesharedcheck): AuditCheckConfiguration [IntermediateCaRevokedForActiveDeviceCertificatesCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-intermediatecarevokedforactivedevicecertificatescheck): AuditCheckConfiguration [IotPolicyOverlyPermissiveCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotpolicyoverlypermissivecheck): AuditCheckConfiguration [IoTPolicyPotentialMisConfigurationCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotpolicypotentialmisconfigurationcheck): AuditCheckConfiguration [IotRoleAliasAllowsAccessToUnusedServicesCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotrolealiasallowsaccesstounusedservicescheck): AuditCheckConfiguration [IotRoleAliasOverlyPermissiveCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotrolealiasoverlypermissivecheck): AuditCheckConfiguration [LoggingDisabledCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-loggingdisabledcheck): AuditCheckConfiguration [RevokedCaCertificateStillActiveCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-revokedcacertificatestillactivecheck): AuditCheckConfiguration [RevokedDeviceCertificateStillActiveCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-revokeddevicecertificatestillactivecheck): AuditCheckConfiguration [UnauthenticatedCognitoRoleOverlyPermissiveCheck](#cfn-iot-accountauditconfiguration-auditcheckconfigurations-unauthenticatedcognitoroleoverlypermissivecheck): AuditCheckConfiguration ``` ## Properties `AuthenticatedCognitoRoleOverlyPermissiveCheck` Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed. *Required*: No *Type*: [AuditCheckConfiguration](aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CaCertificateExpiringCheck` Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired. *Required*: No *Type*: [AuditCheckConfiguration](aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CaCertificateKeyQualityCheck` Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are `ACTIVE` or `PENDING_TRANSFER`. *Required*: No *Type*: [AuditCheckConfiguration](aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ConflictingClientIdsCheck` Checks if multiple devices connect using the same client ID. *Required*: No *Type*: [AuditCheckConfiguration](aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DeviceCertificateAgeCheck` Checks when a device certificate has been active for a number of days greater than or equal to the number you specify. *Required*: No *Type*: [DeviceCertAgeAuditCheckConfiguration](aws-properties-iot-accountauditconfiguration-devicecertageauditcheckconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DeviceCertificateExpiringCheck` Checks if a device certificate is expiring. By default, this check applies to device certificates expiring within 30 days or that have expired. You can modify this threshold by configuring the DeviceCertExpirationAuditCheckConfiguration. *Required*: No *Type*: [DeviceCertExpirationAuditCheckConfiguration](aws-properties-iot-accountauditconfiguration-devicecertexpirationauditcheckconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DeviceCertificateKeyQualityCheck` Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size. *Required*: No *Type*: [AuditCheckConfiguration](aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DeviceCertificateSharedCheck` Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT. *Required*: No *Type*: [AuditCheckConfiguration](aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IntermediateCaRevokedForActiveDeviceCertificatesCheck` Checks if device certificates are still active despite being revoked by an intermediate CA. *Required*: No *Type*: [AuditCheckConfiguration](aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IotPolicyOverlyPermissiveCheck` Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role. *Required*: No *Type*: [AuditCheckConfiguration](aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IoTPolicyPotentialMisConfigurationCheck` Checks if an AWS IoT policy is potentially misconfigured. Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy. *Required*: No *Type*: [AuditCheckConfiguration](aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IotRoleAliasAllowsAccessToUnusedServicesCheck` Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year. *Required*: No *Type*: [AuditCheckConfiguration](aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IotRoleAliasOverlyPermissiveCheck` Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive. *Required*: No *Type*: [AuditCheckConfiguration](aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `LoggingDisabledCheck` Checks if AWS IoT logs are disabled. *Required*: No *Type*: [AuditCheckConfiguration](aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RevokedCaCertificateStillActiveCheck` Checks if a revoked CA certificate is still active. *Required*: No *Type*: [AuditCheckConfiguration](aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RevokedDeviceCertificateStillActiveCheck` Checks if a revoked device certificate is still active. *Required*: No *Type*: [AuditCheckConfiguration](aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `UnauthenticatedCognitoRoleOverlyPermissiveCheck` Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive. *Required*: No *Type*: [AuditCheckConfiguration](aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::AccountAuditConfiguration AuditNotificationTarget Information about the targets to which audit notifications are sent. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Enabled](#cfn-iot-accountauditconfiguration-auditnotificationtarget-enabled)" : Boolean, "[RoleArn](#cfn-iot-accountauditconfiguration-auditnotificationtarget-rolearn)" : String, "[TargetArn](#cfn-iot-accountauditconfiguration-auditnotificationtarget-targetarn)" : String } ``` ### YAML ``` [Enabled](#cfn-iot-accountauditconfiguration-auditnotificationtarget-enabled): Boolean [RoleArn](#cfn-iot-accountauditconfiguration-auditnotificationtarget-rolearn): String [TargetArn](#cfn-iot-accountauditconfiguration-auditnotificationtarget-targetarn): String ``` ## Properties `Enabled` True if notifications to the target are enabled. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The ARN of the role that grants permission to send notifications to the target. *Required*: No *Type*: String *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TargetArn` The ARN of the target (SNS topic) to which audit notifications are sent. *Required*: No *Type*: String *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::AccountAuditConfiguration AuditNotificationTargetConfigurations The configuration of the audit notification target. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Sns](#cfn-iot-accountauditconfiguration-auditnotificationtargetconfigurations-sns)" : AuditNotificationTarget } ``` ### YAML ``` [Sns](#cfn-iot-accountauditconfiguration-auditnotificationtargetconfigurations-sns): AuditNotificationTarget ``` ## Properties `Sns` The `Sns` notification target. *Required*: No *Type*: [AuditNotificationTarget](aws-properties-iot-accountauditconfiguration-auditnotificationtarget.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::AccountAuditConfiguration CertAgeCheckCustomConfiguration Configuration structure containing settings for the device certificate age check. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[CertAgeThresholdInDays](#cfn-iot-accountauditconfiguration-certagecheckcustomconfiguration-certagethresholdindays)" : String } ``` ### YAML ``` [CertAgeThresholdInDays](#cfn-iot-accountauditconfiguration-certagecheckcustomconfiguration-certagethresholdindays): String ``` ## Properties `CertAgeThresholdInDays` The number of days that defines when a device certificate is considered to have aged. The check will report a finding if a certificate has been active for a number of days greater than or equal to this threshold value. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `64` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::AccountAuditConfiguration CertExpirationCheckCustomConfiguration Configuration structure containing settings for the device certificate expiration check. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[CertExpirationThresholdInDays](#cfn-iot-accountauditconfiguration-certexpirationcheckcustomconfiguration-certexpirationthresholdindays)" : String } ``` ### YAML ``` [CertExpirationThresholdInDays](#cfn-iot-accountauditconfiguration-certexpirationcheckcustomconfiguration-certexpirationthresholdindays): String ``` ## Properties `CertExpirationThresholdInDays` The number of days before expiration that defines when a device certificate is considered to be approaching expiration. The check will report a finding if a certificate will expire within this number of days. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `64` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::AccountAuditConfiguration DeviceCertAgeAuditCheckConfiguration Configuration for the device certificate age audit check. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Configuration](#cfn-iot-accountauditconfiguration-devicecertageauditcheckconfiguration-configuration)" : CertAgeCheckCustomConfiguration, "[Enabled](#cfn-iot-accountauditconfiguration-devicecertageauditcheckconfiguration-enabled)" : Boolean } ``` ### YAML ``` [Configuration](#cfn-iot-accountauditconfiguration-devicecertageauditcheckconfiguration-configuration): CertAgeCheckCustomConfiguration [Enabled](#cfn-iot-accountauditconfiguration-devicecertageauditcheckconfiguration-enabled): Boolean ``` ## Properties `Configuration` Configuration settings for the device certificate age check, including the threshold in days for certificate age. This configuration is of type `CertAgeCheckCustomConfiguration`. *Required*: No *Type*: [CertAgeCheckCustomConfiguration](aws-properties-iot-accountauditconfiguration-certagecheckcustomconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Enabled` True if this audit check is enabled for this account. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::AccountAuditConfiguration DeviceCertExpirationAuditCheckConfiguration Configuration for the device certificate expiration audit check. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Configuration](#cfn-iot-accountauditconfiguration-devicecertexpirationauditcheckconfiguration-configuration)" : CertExpirationCheckCustomConfiguration, "[Enabled](#cfn-iot-accountauditconfiguration-devicecertexpirationauditcheckconfiguration-enabled)" : Boolean } ``` ### YAML ``` [Configuration](#cfn-iot-accountauditconfiguration-devicecertexpirationauditcheckconfiguration-configuration): CertExpirationCheckCustomConfiguration [Enabled](#cfn-iot-accountauditconfiguration-devicecertexpirationauditcheckconfiguration-enabled): Boolean ``` ## Properties `Configuration` Configuration settings for the device certificate expiration check, including the threshold in days before expiration. This configuration is of type `CertExpirationCheckCustomConfiguration` *Required*: No *Type*: [CertExpirationCheckCustomConfiguration](aws-properties-iot-accountauditconfiguration-certexpirationcheckcustomconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Enabled` True if this audit check is enabled for this account. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::Authorizer Specifies an authorizer. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::Authorizer", "Properties" : { "[AuthorizerFunctionArn](#cfn-iot-authorizer-authorizerfunctionarn)" : String, "[AuthorizerName](#cfn-iot-authorizer-authorizername)" : String, "[EnableCachingForHttp](#cfn-iot-authorizer-enablecachingforhttp)" : Boolean, "[SigningDisabled](#cfn-iot-authorizer-signingdisabled)" : Boolean, "[Status](#cfn-iot-authorizer-status)" : String, "[Tags](#cfn-iot-authorizer-tags)" : [ Tag, ... ], "[TokenKeyName](#cfn-iot-authorizer-tokenkeyname)" : String, "[TokenSigningPublicKeys](#cfn-iot-authorizer-tokensigningpublickeys)" : {Key: Value, ...} } } ``` ### YAML ``` Type: AWS::IoT::Authorizer Properties: [AuthorizerFunctionArn](#cfn-iot-authorizer-authorizerfunctionarn): String [AuthorizerName](#cfn-iot-authorizer-authorizername): String [EnableCachingForHttp](#cfn-iot-authorizer-enablecachingforhttp): Boolean [SigningDisabled](#cfn-iot-authorizer-signingdisabled): Boolean [Status](#cfn-iot-authorizer-status): String [Tags](#cfn-iot-authorizer-tags): - Tag [TokenKeyName](#cfn-iot-authorizer-tokenkeyname): String [TokenSigningPublicKeys](#cfn-iot-authorizer-tokensigningpublickeys): Key: Value ``` ## Properties `AuthorizerFunctionArn` The authorizer's Lambda function ARN. *Required*: Yes *Type*: String *Pattern*: `[\s\S]*` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AuthorizerName` The authorizer name. *Required*: No *Type*: String *Pattern*: `[\w=,@-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `EnableCachingForHttp` When `true`, the result from the authorizer's Lambda function is cached for clients that use persistent HTTP connections. The results are cached for the time specified by the Lambda function in `refreshAfterInSeconds`. This value doesn't affect authorization of clients that use MQTT connections. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SigningDisabled` Specifies whether AWS IoT validates the token signature in an authorization request. *Required*: No *Type*: Boolean *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Status` The status of the authorizer. Valid values: `ACTIVE` \$1 `INACTIVE` *Required*: No *Type*: String *Allowed values*: `ACTIVE | INACTIVE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Metadata which can be used to manage the custom authorizer. For URI Request parameters use format: ...key1=value1&key2=value2... For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..." For the cli-input-json file use format: "tags": "key1=value1&key2=value2..." *Required*: No *Type*: Array of [Tag](aws-properties-iot-authorizer-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TokenKeyName` The key used to extract the token from the HTTP headers. *Required*: No *Type*: String *Pattern*: `[a-zA-Z0-9_-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TokenSigningPublicKeys` The public keys used to validate the token signature returned by your custom authentication service. *Required*: No *Type*: Object of String *Pattern*: `[a-zA-Z0-9:_-]+` *Maximum*: `5120` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the authorizer name. For example: `{ "Ref": "MyAuthorizer" }` For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` The Amazon Resource Name (ARN) of the authorizer. # AWS::IoT::Authorizer Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-authorizer-tag-key)" : String, "[Value](#cfn-iot-authorizer-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-authorizer-tag-key): String [Value](#cfn-iot-authorizer-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Pattern*: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::BillingGroup Creates a new billing group. Requires permission to access the [CreateBillingGroup](https://docs.aws.amazon.com//service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions) action. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::BillingGroup", "Properties" : { "[BillingGroupName](#cfn-iot-billinggroup-billinggroupname)" : String, "[BillingGroupProperties](#cfn-iot-billinggroup-billinggroupproperties)" : BillingGroupProperties, "[Tags](#cfn-iot-billinggroup-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::IoT::BillingGroup Properties: [BillingGroupName](#cfn-iot-billinggroup-billinggroupname): String [BillingGroupProperties](#cfn-iot-billinggroup-billinggroupproperties): BillingGroupProperties [Tags](#cfn-iot-billinggroup-tags): - Tag ``` ## Properties `BillingGroupName` The name of the billing group. *Required*: No *Type*: String *Pattern*: `[a-zA-Z0-9:_-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `BillingGroupProperties` The properties of the billing group. *Required*: No *Type*: [BillingGroupProperties](aws-properties-iot-billinggroup-billinggroupproperties.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Metadata which can be used to manage the billing group. *Required*: No *Type*: Array of [Tag](aws-properties-iot-billinggroup-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the billing group id. For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` The ARN of the billing group. `Id` The ID of the billing group. # AWS::IoT::BillingGroup BillingGroupProperties The properties of a billing group. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[BillingGroupDescription](#cfn-iot-billinggroup-billinggroupproperties-billinggroupdescription)" : String } ``` ### YAML ``` [BillingGroupDescription](#cfn-iot-billinggroup-billinggroupproperties-billinggroupdescription): String ``` ## Properties `BillingGroupDescription` The description of the billing group. *Required*: No *Type*: String *Pattern*: `[\p{Graph}\x20]*` *Maximum*: `2028` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::BillingGroup Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-billinggroup-tag-key)" : String, "[Value](#cfn-iot-billinggroup-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-billinggroup-tag-key): String [Value](#cfn-iot-billinggroup-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Pattern*: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::CACertificate Specifies a CA certificate. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::CACertificate", "Properties" : { "[AutoRegistrationStatus](#cfn-iot-cacertificate-autoregistrationstatus)" : String, "[CACertificatePem](#cfn-iot-cacertificate-cacertificatepem)" : String, "[CertificateMode](#cfn-iot-cacertificate-certificatemode)" : String, "[RegistrationConfig](#cfn-iot-cacertificate-registrationconfig)" : RegistrationConfig, "[RemoveAutoRegistration](#cfn-iot-cacertificate-removeautoregistration)" : Boolean, "[Status](#cfn-iot-cacertificate-status)" : String, "[Tags](#cfn-iot-cacertificate-tags)" : [ Tag, ... ], "[VerificationCertificatePem](#cfn-iot-cacertificate-verificationcertificatepem)" : String } } ``` ### YAML ``` Type: AWS::IoT::CACertificate Properties: [AutoRegistrationStatus](#cfn-iot-cacertificate-autoregistrationstatus): String [CACertificatePem](#cfn-iot-cacertificate-cacertificatepem): String [CertificateMode](#cfn-iot-cacertificate-certificatemode): String [RegistrationConfig](#cfn-iot-cacertificate-registrationconfig): RegistrationConfig [RemoveAutoRegistration](#cfn-iot-cacertificate-removeautoregistration): Boolean [Status](#cfn-iot-cacertificate-status): String [Tags](#cfn-iot-cacertificate-tags): - Tag [VerificationCertificatePem](#cfn-iot-cacertificate-verificationcertificatepem): String ``` ## Properties `AutoRegistrationStatus` Whether the CA certificate is configured for auto registration of device certificates. Valid values are "ENABLE" and "DISABLE". *Required*: No *Type*: String *Allowed values*: `ENABLE | DISABLE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CACertificatePem` The certificate data in PEM format. *Required*: Yes *Type*: String *Pattern*: `[\s\S]*` *Minimum*: `1` *Maximum*: `65536` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `CertificateMode` The mode of the CA. All the device certificates that are registered using this CA will be registered in the same mode as the CA. For more information about certificate mode for device certificates, see [certificate mode](https://docs.aws.amazon.com//iot/latest/apireference/API_CertificateDescription.html#iot-Type-CertificateDescription-certificateMode). Valid values are "DEFAULT" and "SNI\$1ONLY". *Required*: No *Type*: String *Allowed values*: `DEFAULT | SNI_ONLY` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `RegistrationConfig` Information about the registration configuration. *Required*: No *Type*: [RegistrationConfig](aws-properties-iot-cacertificate-registrationconfig.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RemoveAutoRegistration` If true, removes auto registration. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Status` The status of the CA certificate. Valid values are "ACTIVE" and "INACTIVE". *Required*: Yes *Type*: String *Allowed values*: `ACTIVE | INACTIVE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` An array of key-value pairs to apply to this resource. For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). *Required*: No *Type*: Array of [Tag](aws-properties-iot-cacertificate-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `VerificationCertificatePem` The private key verification certificate. *Required*: No *Type*: String *Pattern*: `[\s\S]*` *Minimum*: `1` *Maximum*: `65536` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the CA certificate ID. ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` Returns the Amazon Resource Name (ARN) for the CA certificate. For example: `{ "Fn::GetAtt": ["MyCACertificate", "Arn"] }` A value similar to the following is returned: `arn:aws:iot:us-east-1:123456789012:cacert/a6be6b84559801927e35a8f901fae08b5971d78d1562e29504ff9663b276a5f5` `Id` The CA certificate ID. # AWS::IoT::CACertificate RegistrationConfig The registration configuration. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[RoleArn](#cfn-iot-cacertificate-registrationconfig-rolearn)" : String, "[TemplateBody](#cfn-iot-cacertificate-registrationconfig-templatebody)" : String, "[TemplateName](#cfn-iot-cacertificate-registrationconfig-templatename)" : String } ``` ### YAML ``` [RoleArn](#cfn-iot-cacertificate-registrationconfig-rolearn): String [TemplateBody](#cfn-iot-cacertificate-registrationconfig-templatebody): String [TemplateName](#cfn-iot-cacertificate-registrationconfig-templatename): String ``` ## Properties `RoleArn` The ARN of the role. *Required*: No *Type*: String *Pattern*: `arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+` *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TemplateBody` The template body. *Required*: No *Type*: String *Pattern*: `[\s\S]*` *Minimum*: `0` *Maximum*: `10240` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TemplateName` The name of the provisioning template. *Required*: No *Type*: String *Pattern*: `^[0-9A-Za-z_-]+$` *Minimum*: `1` *Maximum*: `36` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::CACertificate Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-cacertificate-tag-key)" : String, "[Value](#cfn-iot-cacertificate-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-cacertificate-tag-key): String [Value](#cfn-iot-cacertificate-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `127` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `255` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::Certificate Use the `AWS::IoT::Certificate` resource to declare an AWS IoT X.509 certificate. For information about working with X.509 certificates, see [X.509 Client Certificates](https://docs.aws.amazon.com/iot/latest/developerguide/x509-client-certs.html) in the *AWS IoT Developer Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::Certificate", "Properties" : { "[CACertificatePem](#cfn-iot-certificate-cacertificatepem)" : String, "[CertificateMode](#cfn-iot-certificate-certificatemode)" : String, "[CertificatePem](#cfn-iot-certificate-certificatepem)" : String, "[CertificateSigningRequest](#cfn-iot-certificate-certificatesigningrequest)" : String, "[Status](#cfn-iot-certificate-status)" : String } } ``` ### YAML ``` Type: AWS::IoT::Certificate Properties: [CACertificatePem](#cfn-iot-certificate-cacertificatepem): String [CertificateMode](#cfn-iot-certificate-certificatemode): String [CertificatePem](#cfn-iot-certificate-certificatepem): String [CertificateSigningRequest](#cfn-iot-certificate-certificatesigningrequest): String [Status](#cfn-iot-certificate-status): String ``` ## Properties `CACertificatePem` The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI\$1ONLY. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `65536` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `CertificateMode` Specifies which mode of certificate registration to use with this resource. Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI\$1ONLY with CertificatePem, and Default with CertificateSigningRequest. `DEFAULT`: A certificate in `DEFAULT` mode is either generated by AWS IoT Core or registered with an issuer certificate authority (CA). Devices with certificates in `DEFAULT` mode aren't required to send the Server Name Indication (SNI) extension when connecting to AWS IoT Core. However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to AWS IoT Core. `SNI_ONLY`: A certificate in `SNI_ONLY` mode is registered without an issuer CA. Devices with certificates in `SNI_ONLY` mode must send the SNI extension when connecting to AWS IoT Core. *Required*: No *Type*: String *Allowed values*: `DEFAULT | SNI_ONLY` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `CertificatePem` The certificate data in PEM format. Requires SNI\$1ONLY for the certificate mode or the accompanying CACertificatePem for registration. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `65536` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `CertificateSigningRequest` The certificate signing request (CSR). *Required*: No *Type*: String *Pattern*: `[\s\S]*` *Minimum*: `1` *Maximum*: `4096` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Status` The status of the certificate. Valid values are ACTIVE, INACTIVE, REVOKED, PENDING\$1TRANSFER, and PENDING\$1ACTIVATION. The status value REGISTER\$1INACTIVE is deprecated and should not be used. *Required*: Yes *Type*: String *Allowed values*: `ACTIVE | INACTIVE | REVOKED | PENDING_TRANSFER | PENDING_ACTIVATION` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the certificate ID. For example: `{ "Ref": "MyCertificate" }` A value similar to the following is returned: `a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2` For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` Returns the Amazon Resource Name (ARN) for the certificate. For example: `{ "Fn::GetAtt": ["MyCertificate", "Arn"] }` A value similar to the following is returned: `arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2` `Id` The certificate ID. # AWS::IoT::CertificateProvider Creates a certificate provider. AWS IoT Core certificate provider lets you customize how to sign a certificate signing request (CSR) in fleet provisioning. For more information, see [Self-managed certificate signing using AWS IoT Corecertificate provider](https://docs.aws.amazon.com/iot/latest/developerguide/provisioning-cert-provider.html) from the *AWS IoT Core Developer Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::CertificateProvider", "Properties" : { "[AccountDefaultForOperations](#cfn-iot-certificateprovider-accountdefaultforoperations)" : [ String, ... ], "[CertificateProviderName](#cfn-iot-certificateprovider-certificateprovidername)" : String, "[LambdaFunctionArn](#cfn-iot-certificateprovider-lambdafunctionarn)" : String, "[Tags](#cfn-iot-certificateprovider-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::IoT::CertificateProvider Properties: [AccountDefaultForOperations](#cfn-iot-certificateprovider-accountdefaultforoperations): - String [CertificateProviderName](#cfn-iot-certificateprovider-certificateprovidername): String [LambdaFunctionArn](#cfn-iot-certificateprovider-lambdafunctionarn): String [Tags](#cfn-iot-certificateprovider-tags): - Tag ``` ## Properties `AccountDefaultForOperations` A list of the operations that the certificate provider will use to generate certificates. Valid value: `CreateCertificateFromCsr`. *Required*: Yes *Type*: Array of String *Minimum*: `1` *Maximum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CertificateProviderName` The name of the certificate provider. *Required*: No *Type*: String *Pattern*: `[\w=,@-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `LambdaFunctionArn` The ARN of the Lambda function. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `170` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Metadata that can be used to manage the certificate provider. *Required*: No *Type*: Array of [Tag](aws-properties-iot-certificateprovider-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the ID of the certificate provider. For example: `{ "Ref": "MyCertificateProvider" }` A value similar to the following is returned: `a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2` For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` Returns the Amazon Resource Name (ARN) for the certificate. For example: `{ "Fn::GetAtt": ["MyCertificateProvider", "Arn"] }` A value similar to the following is returned: `arn:aws:iot:ap-southeast-2:123456789012:certprovider/my-certificate-provider` # AWS::IoT::CertificateProvider Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-certificateprovider-tag-key)" : String, "[Value](#cfn-iot-certificateprovider-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-certificateprovider-tag-key): String [Value](#cfn-iot-certificateprovider-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `127` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `255` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::Command The `AWS::IoT::Command` resource Property description not available. for IoT. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::Command", "Properties" : { "[CommandId](#cfn-iot-command-commandid)" : String, "[CreatedAt](#cfn-iot-command-createdat)" : String, "[Deprecated](#cfn-iot-command-deprecated)" : Boolean, "[Description](#cfn-iot-command-description)" : String, "[DisplayName](#cfn-iot-command-displayname)" : String, "[LastUpdatedAt](#cfn-iot-command-lastupdatedat)" : String, "[MandatoryParameters](#cfn-iot-command-mandatoryparameters)" : [ CommandParameter, ... ], "[Namespace](#cfn-iot-command-namespace)" : String, "[Payload](#cfn-iot-command-payload)" : CommandPayload, "[PayloadTemplate](#cfn-iot-command-payloadtemplate)" : String, "[PendingDeletion](#cfn-iot-command-pendingdeletion)" : Boolean, "[Preprocessor](#cfn-iot-command-preprocessor)" : CommandPreprocessor, "[RoleArn](#cfn-iot-command-rolearn)" : String, "[Tags](#cfn-iot-command-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::IoT::Command Properties: [CommandId](#cfn-iot-command-commandid): String [CreatedAt](#cfn-iot-command-createdat): String [Deprecated](#cfn-iot-command-deprecated): Boolean [Description](#cfn-iot-command-description): String [DisplayName](#cfn-iot-command-displayname): String [LastUpdatedAt](#cfn-iot-command-lastupdatedat): String [MandatoryParameters](#cfn-iot-command-mandatoryparameters): - CommandParameter [Namespace](#cfn-iot-command-namespace): String [Payload](#cfn-iot-command-payload): CommandPayload [PayloadTemplate](#cfn-iot-command-payloadtemplate): String [PendingDeletion](#cfn-iot-command-pendingdeletion): Boolean [Preprocessor](#cfn-iot-command-preprocessor): CommandPreprocessor [RoleArn](#cfn-iot-command-rolearn): String [Tags](#cfn-iot-command-tags): - Tag ``` ## Properties `CommandId` The unique identifier of the command. *Required*: Yes *Type*: String *Pattern*: `^[a-zA-Z0-9_-]+$` *Minimum*: `1` *Maximum*: `64` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `CreatedAt` The timestamp, when the command was created. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Deprecated` Indicates whether the command has been deprecated. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Description` The description of the command parameter. *Required*: No *Type*: String *Maximum*: `2028` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DisplayName` The display name of the command. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `LastUpdatedAt` The timestamp, when the command was last updated. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MandatoryParameters` Property description not available. *Required*: No *Type*: Array of [CommandParameter](aws-properties-iot-command-commandparameter.md) *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Namespace` Property description not available. *Required*: No *Type*: String *Allowed values*: `AWS-IoT | AWS-IoT-FleetWise` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Payload` Property description not available. *Required*: No *Type*: [CommandPayload](aws-properties-iot-command-commandpayload.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PayloadTemplate` Property description not available. *Required*: No *Type*: String *Maximum*: `32768` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `PendingDeletion` Indicates whether the command is pending deletion. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Preprocessor` Property description not available. *Required*: No *Type*: [CommandPreprocessor](aws-properties-iot-command-commandpreprocessor.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `RoleArn` Property description not available. *Required*: No *Type*: String *Minimum*: `20` *Maximum*: `2028` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Property description not available. *Required*: No *Type*: Array of [Tag](aws-properties-iot-command-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref ### Fn::GetAtt #### `CommandArn` The Amazon Resource Name (ARN) of the command. # AWS::IoT::Command AwsJsonSubstitutionCommandPreprocessorConfig The `AwsJsonSubstitutionCommandPreprocessorConfig` property type specifies Property description not available. for an [AWS::IoT::Command](aws-resource-iot-command.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[OutputFormat](#cfn-iot-command-awsjsonsubstitutioncommandpreprocessorconfig-outputformat)" : String } ``` ### YAML ``` [OutputFormat](#cfn-iot-command-awsjsonsubstitutioncommandpreprocessorconfig-outputformat): String ``` ## Properties `OutputFormat` Property description not available. *Required*: Yes *Type*: String *Allowed values*: `JSON | CBOR` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::IoT::Command CommandParameter The `CommandParameter` property type specifies Property description not available. for an [AWS::IoT::Command](aws-resource-iot-command.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[DefaultValue](#cfn-iot-command-commandparameter-defaultvalue)" : CommandParameterValue, "[Description](#cfn-iot-command-commandparameter-description)" : String, "[Name](#cfn-iot-command-commandparameter-name)" : String, "[Type](#cfn-iot-command-commandparameter-type)" : String, "[Value](#cfn-iot-command-commandparameter-value)" : CommandParameterValue, "[ValueConditions](#cfn-iot-command-commandparameter-valueconditions)" : [ CommandParameterValueCondition, ... ] } ``` ### YAML ``` [DefaultValue](#cfn-iot-command-commandparameter-defaultvalue): CommandParameterValue [Description](#cfn-iot-command-commandparameter-description): String [Name](#cfn-iot-command-commandparameter-name): String [Type](#cfn-iot-command-commandparameter-type): String [Value](#cfn-iot-command-commandparameter-value): CommandParameterValue [ValueConditions](#cfn-iot-command-commandparameter-valueconditions): - CommandParameterValueCondition ``` ## Properties `DefaultValue` Property description not available. *Required*: No *Type*: [CommandParameterValue](aws-properties-iot-command-commandparametervalue.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Description` Property description not available. *Required*: No *Type*: String *Maximum*: `2028` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Name` Property description not available. *Required*: Yes *Type*: String *Pattern*: `^[.$a-zA-Z0-9_-]+$` *Minimum*: `1` *Maximum*: `192` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Type` Property description not available. *Required*: No *Type*: String *Allowed values*: `STRING | INTEGER | DOUBLE | LONG | UNSIGNEDLONG | BOOLEAN | BINARY` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` Property description not available. *Required*: No *Type*: [CommandParameterValue](aws-properties-iot-command-commandparametervalue.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ValueConditions` Property description not available. *Required*: No *Type*: Array of [CommandParameterValueCondition](aws-properties-iot-command-commandparametervaluecondition.md) *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::Command CommandParameterValue The `CommandParameterValue` property type specifies Property description not available. for an [AWS::IoT::Command](aws-resource-iot-command.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[B](#cfn-iot-command-commandparametervalue-b)" : Boolean, "[BIN](#cfn-iot-command-commandparametervalue-bin)" : String, "[D](#cfn-iot-command-commandparametervalue-d)" : Number, "[I](#cfn-iot-command-commandparametervalue-i)" : Integer, "[L](#cfn-iot-command-commandparametervalue-l)" : String, "[S](#cfn-iot-command-commandparametervalue-s)" : String, "[UL](#cfn-iot-command-commandparametervalue-ul)" : String } ``` ### YAML ``` [B](#cfn-iot-command-commandparametervalue-b): Boolean [BIN](#cfn-iot-command-commandparametervalue-bin): String [D](#cfn-iot-command-commandparametervalue-d): Number [I](#cfn-iot-command-commandparametervalue-i): Integer [L](#cfn-iot-command-commandparametervalue-l): String [S](#cfn-iot-command-commandparametervalue-s): String [UL](#cfn-iot-command-commandparametervalue-ul): String ``` ## Properties `B` Property description not available. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `BIN` Property description not available. *Required*: No *Type*: String *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `D` Property description not available. *Required*: No *Type*: Number *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `I` Property description not available. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `L` Property description not available. *Required*: No *Type*: String *Pattern*: `^-?\d+$` *Maximum*: `19` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `S` Property description not available. *Required*: No *Type*: String *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `UL` Property description not available. *Required*: No *Type*: String *Pattern*: `^[0-9]*$` *Minimum*: `1` *Maximum*: `20` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::Command CommandParameterValueComparisonOperand The `CommandParameterValueComparisonOperand` property type specifies Property description not available. for an [AWS::IoT::Command](aws-resource-iot-command.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Number](#cfn-iot-command-commandparametervaluecomparisonoperand-number)" : String, "[NumberRange](#cfn-iot-command-commandparametervaluecomparisonoperand-numberrange)" : CommandParameterValueNumberRange, "[Numbers](#cfn-iot-command-commandparametervaluecomparisonoperand-numbers)" : [ String, ... ], "[String](#cfn-iot-command-commandparametervaluecomparisonoperand-string)" : String, "[Strings](#cfn-iot-command-commandparametervaluecomparisonoperand-strings)" : [ String, ... ] } ``` ### YAML ``` [Number](#cfn-iot-command-commandparametervaluecomparisonoperand-number): String [NumberRange](#cfn-iot-command-commandparametervaluecomparisonoperand-numberrange): CommandParameterValueNumberRange [Numbers](#cfn-iot-command-commandparametervaluecomparisonoperand-numbers): - String [String](#cfn-iot-command-commandparametervaluecomparisonoperand-string): String [Strings](#cfn-iot-command-commandparametervaluecomparisonoperand-strings): - String ``` ## Properties `Number` Property description not available. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `NumberRange` Property description not available. *Required*: No *Type*: [CommandParameterValueNumberRange](aws-properties-iot-command-commandparametervaluenumberrange.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Numbers` Property description not available. *Required*: No *Type*: Array of String *Minimum*: `1` *Maximum*: `10` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `String` Property description not available. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Strings` Property description not available. *Required*: No *Type*: Array of String *Minimum*: `1` *Maximum*: `10` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::Command CommandParameterValueCondition The `CommandParameterValueCondition` property type specifies Property description not available. for an [AWS::IoT::Command](aws-resource-iot-command.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ComparisonOperator](#cfn-iot-command-commandparametervaluecondition-comparisonoperator)" : String, "[Operand](#cfn-iot-command-commandparametervaluecondition-operand)" : CommandParameterValueComparisonOperand } ``` ### YAML ``` [ComparisonOperator](#cfn-iot-command-commandparametervaluecondition-comparisonoperator): String [Operand](#cfn-iot-command-commandparametervaluecondition-operand): CommandParameterValueComparisonOperand ``` ## Properties `ComparisonOperator` Property description not available. *Required*: Yes *Type*: String *Allowed values*: `EQUALS | NOT_EQUALS | LESS_THAN | LESS_THAN_EQUALS | GREATER_THAN | GREATER_THAN_EQUALS | IN_SET | NOT_IN_SET | IN_RANGE | NOT_IN_RANGE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Operand` Property description not available. *Required*: Yes *Type*: [CommandParameterValueComparisonOperand](aws-properties-iot-command-commandparametervaluecomparisonoperand.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::Command CommandParameterValueNumberRange The `CommandParameterValueNumberRange` property type specifies Property description not available. for an [AWS::IoT::Command](aws-resource-iot-command.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Max](#cfn-iot-command-commandparametervaluenumberrange-max)" : String, "[Min](#cfn-iot-command-commandparametervaluenumberrange-min)" : String } ``` ### YAML ``` [Max](#cfn-iot-command-commandparametervaluenumberrange-max): String [Min](#cfn-iot-command-commandparametervaluenumberrange-min): String ``` ## Properties `Max` Property description not available. *Required*: Yes *Type*: String *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Min` Property description not available. *Required*: Yes *Type*: String *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::Command CommandPayload The `CommandPayload` property type specifies Property description not available. for an [AWS::IoT::Command](aws-resource-iot-command.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Content](#cfn-iot-command-commandpayload-content)" : String, "[ContentType](#cfn-iot-command-commandpayload-contenttype)" : String } ``` ### YAML ``` [Content](#cfn-iot-command-commandpayload-content): String [ContentType](#cfn-iot-command-commandpayload-contenttype): String ``` ## Properties `Content` Property description not available. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ContentType` Property description not available. *Required*: No *Type*: String *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::Command CommandPreprocessor The `CommandPreprocessor` property type specifies Property description not available. for an [AWS::IoT::Command](aws-resource-iot-command.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AwsJsonSubstitution](#cfn-iot-command-commandpreprocessor-awsjsonsubstitution)" : AwsJsonSubstitutionCommandPreprocessorConfig } ``` ### YAML ``` [AwsJsonSubstitution](#cfn-iot-command-commandpreprocessor-awsjsonsubstitution): AwsJsonSubstitutionCommandPreprocessorConfig ``` ## Properties `AwsJsonSubstitution` Property description not available. *Required*: No *Type*: [AwsJsonSubstitutionCommandPreprocessorConfig](aws-properties-iot-command-awsjsonsubstitutioncommandpreprocessorconfig.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::IoT::Command Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-command-tag-key)" : String, "[Value](#cfn-iot-command-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-command-tag-key): String [Value](#cfn-iot-command-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::CustomMetric Use the `AWS::IoT::CustomMetric` resource to define a custom metric published by your devices to Device Defender. For API reference, see [CreateCustomMetric](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateCustomMetric.html) and for general information, see [Custom metrics](https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-custom-metrics.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::CustomMetric", "Properties" : { "[DisplayName](#cfn-iot-custommetric-displayname)" : String, "[MetricName](#cfn-iot-custommetric-metricname)" : String, "[MetricType](#cfn-iot-custommetric-metrictype)" : String, "[Tags](#cfn-iot-custommetric-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::IoT::CustomMetric Properties: [DisplayName](#cfn-iot-custommetric-displayname): String [MetricName](#cfn-iot-custommetric-metricname): String [MetricType](#cfn-iot-custommetric-metrictype): String [Tags](#cfn-iot-custommetric-tags): - Tag ``` ## Properties `DisplayName` The friendly name in the console for the custom metric. This name doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. You can update the friendly name after you define it. *Required*: No *Type*: String *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MetricName` The name of the custom metric. This will be used in the metric report submitted from the device/thing. The name can't begin with `aws:`. You can’t change the name after you define it. *Required*: No *Type*: String *Pattern*: `[a-zA-Z0-9:_-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `MetricType` The type of the custom metric. Types include `string-list`, `ip-address-list`, `number-list`, and `number`. The type `number` only takes a single metric value as an input, but when you submit the metrics value in the DeviceMetrics report, you must pass it as an array with a single value. *Required*: Yes *Type*: String *Allowed values*: `string-list | ip-address-list | number-list | number` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Tags` Metadata that can be used to manage the custom metric. *Required*: No *Type*: Array of [Tag](aws-properties-iot-custommetric-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the custom metric name. ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `MetricArn` The Amazon Resource Number (ARN) of the custom metric; for example, `arn:aws-partition:iot:region:accountId:custommetric/metricName`. ## Examples ### #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Description": "Amazon Web Services IoT CustomMetric Sample Template", "Resources": { "BatteryPercentageMetric": { "Type": "AWS::IoT::CustomMetric", "Properties": { "MetricName": "batteryPercentage", "DisplayName": "Remaining battery percentage", "MetricType": "number" } } } } ``` #### YAML ``` AWSTemplateFormatVersion: '2010-09-09' Description: Amazon Web Services IoT CustomMetric Sample Template Resources: BatteryPercentageMetric: Type: AWS::IoT::CustomMetric Properties: MetricName: batteryPercentage DisplayName: Remaining battery percentage MetricType: number ``` # AWS::IoT::CustomMetric Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-custommetric-tag-key)" : String, "[Value](#cfn-iot-custommetric-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-custommetric-tag-key): String [Value](#cfn-iot-custommetric-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::Dimension Use the `AWS::IoT::Dimension` to limit the scope of a metric used in a security profile for AWS IoT Device Defender. For example, using a `TOPIC_FILTER` dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. For API reference, see [CreateDimension](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateDimension.html) and for general information, see [Scoping metrics in security profiles using dimensions](https://docs.aws.amazon.com/iot/latest/developerguide/scoping-security-behavior.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::Dimension", "Properties" : { "[Name](#cfn-iot-dimension-name)" : String, "[StringValues](#cfn-iot-dimension-stringvalues)" : [ String, ... ], "[Tags](#cfn-iot-dimension-tags)" : [ Tag, ... ], "[Type](#cfn-iot-dimension-type)" : String } } ``` ### YAML ``` Type: AWS::IoT::Dimension Properties: [Name](#cfn-iot-dimension-name): String [StringValues](#cfn-iot-dimension-stringvalues): - String [Tags](#cfn-iot-dimension-tags): - Tag [Type](#cfn-iot-dimension-type): String ``` ## Properties `Name` A unique identifier for the dimension. *Required*: No *Type*: String *Pattern*: `[a-zA-Z0-9:_-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `StringValues` Specifies the value or list of values for the dimension. For `TOPIC_FILTER` dimensions, this is a pattern used to match the MQTT topic (for example, "admin/\$1"). *Required*: Yes *Type*: Array of String *Minimum*: `1 | 1` *Maximum*: `256 | 5` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Metadata that can be used to manage the dimension. *Required*: No *Type*: Array of [Tag](aws-properties-iot-dimension-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Type` Specifies the type of dimension. Supported types: `TOPIC_FILTER.` *Required*: Yes *Type*: String *Allowed values*: `TOPIC_FILTER` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the dimension name. ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` The Amazon Resource Name (ARN) of the dimension. ## Examples ### #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Description": "Amazon Web Services IoT Dimension Sample Template", "Resources": { "TopicFilterForAuthMessagesDimension": { "Type": "AWS::IoT::Dimension", "Properties": { "Name": "TopicFilterForAuthMessages", "Type": "TOPIC_FILTER", "StringValues": [ "device/+/auth" ], "Tags": [ { "Key": "Application", "Value": "SmartHome" } ] } } } } ``` #### YAML ``` AWSTemplateFormatVersion: '2010-09-09' Description: Amazon Web Services IoT Dimension Sample Template Resources: TopicFilterForAuthMessagesDimension: Type: 'AWS::IoT::Dimension' Properties: Name: TopicFilterForAuthMessages Type: TOPIC_FILTER StringValues: - device/+/auth Tags: - Key: Application Value: SmartHome ``` # AWS::IoT::Dimension Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-dimension-tag-key)" : String, "[Value](#cfn-iot-dimension-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-dimension-tag-key): String [Value](#cfn-iot-dimension-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::DomainConfiguration Specifies a domain configuration. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::DomainConfiguration", "Properties" : { "[ApplicationProtocol](#cfn-iot-domainconfiguration-applicationprotocol)" : String, "[AuthenticationType](#cfn-iot-domainconfiguration-authenticationtype)" : String, "[AuthorizerConfig](#cfn-iot-domainconfiguration-authorizerconfig)" : AuthorizerConfig, "[ClientCertificateConfig](#cfn-iot-domainconfiguration-clientcertificateconfig)" : ClientCertificateConfig, "[DomainConfigurationName](#cfn-iot-domainconfiguration-domainconfigurationname)" : String, "[DomainConfigurationStatus](#cfn-iot-domainconfiguration-domainconfigurationstatus)" : String, "[DomainName](#cfn-iot-domainconfiguration-domainname)" : String, "[ServerCertificateArns](#cfn-iot-domainconfiguration-servercertificatearns)" : [ String, ... ], "[ServerCertificateConfig](#cfn-iot-domainconfiguration-servercertificateconfig)" : ServerCertificateConfig, "[ServiceType](#cfn-iot-domainconfiguration-servicetype)" : String, "[Tags](#cfn-iot-domainconfiguration-tags)" : [ Tag, ... ], "[TlsConfig](#cfn-iot-domainconfiguration-tlsconfig)" : TlsConfig, "[ValidationCertificateArn](#cfn-iot-domainconfiguration-validationcertificatearn)" : String } } ``` ### YAML ``` Type: AWS::IoT::DomainConfiguration Properties: [ApplicationProtocol](#cfn-iot-domainconfiguration-applicationprotocol): String [AuthenticationType](#cfn-iot-domainconfiguration-authenticationtype): String [AuthorizerConfig](#cfn-iot-domainconfiguration-authorizerconfig): AuthorizerConfig [ClientCertificateConfig](#cfn-iot-domainconfiguration-clientcertificateconfig): ClientCertificateConfig [DomainConfigurationName](#cfn-iot-domainconfiguration-domainconfigurationname): String [DomainConfigurationStatus](#cfn-iot-domainconfiguration-domainconfigurationstatus): String [DomainName](#cfn-iot-domainconfiguration-domainname): String [ServerCertificateArns](#cfn-iot-domainconfiguration-servercertificatearns): - String [ServerCertificateConfig](#cfn-iot-domainconfiguration-servercertificateconfig): ServerCertificateConfig [ServiceType](#cfn-iot-domainconfiguration-servicetype): String [Tags](#cfn-iot-domainconfiguration-tags): - Tag [TlsConfig](#cfn-iot-domainconfiguration-tlsconfig): TlsConfig [ValidationCertificateArn](#cfn-iot-domainconfiguration-validationcertificatearn): String ``` ## Properties `ApplicationProtocol` An enumerated string that speciﬁes the application-layer protocol. *Required*: No *Type*: String *Allowed values*: `SECURE_MQTT | MQTT_WSS | HTTPS | DEFAULT` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AuthenticationType` An enumerated string that speciﬁes the authentication type. *Required*: No *Type*: String *Allowed values*: `AWS_X509 | CUSTOM_AUTH | AWS_SIGV4 | CUSTOM_AUTH_X509 | DEFAULT` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AuthorizerConfig` An object that specifies the authorization service for a domain. *Required*: No *Type*: [AuthorizerConfig](aws-properties-iot-domainconfiguration-authorizerconfig.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ClientCertificateConfig` An object that speciﬁes the client certificate conﬁguration for a domain. *Required*: No *Type*: [ClientCertificateConfig](aws-properties-iot-domainconfiguration-clientcertificateconfig.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DomainConfigurationName` The name of the domain configuration. This value must be unique to a region. *Required*: No *Type*: String *Pattern*: `^[\w.-]+$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `DomainConfigurationStatus` The status to which the domain configuration should be updated. Valid values: `ENABLED` \$1 `DISABLED` *Required*: No *Type*: String *Allowed values*: `ENABLED | DISABLED` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DomainName` The name of the domain. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `253` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `ServerCertificateArns` The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS-managed domains. *Required*: No *Type*: Array of String *Minimum*: `1 | 0` *Maximum*: `2048 | 1` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `ServerCertificateConfig` The server certificate configuration. For more information, see [Configurable endpoints](https://docs.aws.amazon.com//iot/latest/developerguide/iot-custom-endpoints-configurable.html) from the AWS IoT Core Developer Guide. *Required*: No *Type*: [ServerCertificateConfig](aws-properties-iot-domainconfiguration-servercertificateconfig.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ServiceType` The type of service delivered by the endpoint. AWS IoT Core currently supports only the `DATA` service type. *Required*: No *Type*: String *Allowed values*: `DATA | CREDENTIAL_PROVIDER | JOBS` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Tags` Metadata which can be used to manage the domain configuration. For URI Request parameters use format: ...key1=value1&key2=value2... For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..." For the cli-input-json file use format: "tags": "key1=value1&key2=value2..." *Required*: No *Type*: Array of [Tag](aws-properties-iot-domainconfiguration-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TlsConfig` An object that specifies the TLS configuration for a domain. *Required*: No *Type*: [TlsConfig](aws-properties-iot-domainconfiguration-tlsconfig.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ValidationCertificateArn` The certificate used to validate the server certificate and prove domain name ownership. This certificate must be signed by a public certificate authority. This value is not required for AWS-managed domains. *Required*: No *Type*: String *Pattern*: `^arn:aws(-cn|-us-gov|-iso-b|-iso)?:acm:[a-z]{2}-(gov-|iso-|isob-)?[a-z]{4,9}-\d{1}:\d{12}:certificate/[a-zA-Z0-9/-]+$` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the domain configuration name. For example: `{ "Ref": "MyDomainConfiguration" }` For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` The Amazon Resource Name (ARN) of the domain configuration. `DomainType` The type of service delivered by the domain. `ServerCertificates` The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS-managed domains. # AWS::IoT::DomainConfiguration AuthorizerConfig An object that specifies the authorization service for a domain. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AllowAuthorizerOverride](#cfn-iot-domainconfiguration-authorizerconfig-allowauthorizeroverride)" : Boolean, "[DefaultAuthorizerName](#cfn-iot-domainconfiguration-authorizerconfig-defaultauthorizername)" : String } ``` ### YAML ``` [AllowAuthorizerOverride](#cfn-iot-domainconfiguration-authorizerconfig-allowauthorizeroverride): Boolean [DefaultAuthorizerName](#cfn-iot-domainconfiguration-authorizerconfig-defaultauthorizername): String ``` ## Properties `AllowAuthorizerOverride` A Boolean that specifies whether the domain configuration's authorization service can be overridden. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DefaultAuthorizerName` The name of the authorization service for a domain configuration. *Required*: No *Type*: String *Pattern*: `^[\w=,@-]+$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::DomainConfiguration ClientCertificateConfig An object that speciﬁes the client certificate conﬁguration for a domain. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ClientCertificateCallbackArn](#cfn-iot-domainconfiguration-clientcertificateconfig-clientcertificatecallbackarn)" : String } ``` ### YAML ``` [ClientCertificateCallbackArn](#cfn-iot-domainconfiguration-clientcertificateconfig-clientcertificatecallbackarn): String ``` ## Properties `ClientCertificateCallbackArn` The ARN of the Lambda function that IoT invokes after mutual TLS authentication during the connection. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `170` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::DomainConfiguration ServerCertificateConfig The server certificate configuration. For more information, see [Configurable endpoints](https://docs.aws.amazon.com//iot/latest/developerguide/iot-custom-endpoints-configurable.html) from the AWS IoT Core Developer Guide. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[EnableOCSPCheck](#cfn-iot-domainconfiguration-servercertificateconfig-enableocspcheck)" : Boolean, "[OcspAuthorizedResponderArn](#cfn-iot-domainconfiguration-servercertificateconfig-ocspauthorizedresponderarn)" : String, "[OcspLambdaArn](#cfn-iot-domainconfiguration-servercertificateconfig-ocsplambdaarn)" : String } ``` ### YAML ``` [EnableOCSPCheck](#cfn-iot-domainconfiguration-servercertificateconfig-enableocspcheck): Boolean [OcspAuthorizedResponderArn](#cfn-iot-domainconfiguration-servercertificateconfig-ocspauthorizedresponderarn): String [OcspLambdaArn](#cfn-iot-domainconfiguration-servercertificateconfig-ocsplambdaarn): String ``` ## Properties `EnableOCSPCheck` A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not. For more information, see [Configurable endpoints](https://docs.aws.amazon.com//iot/latest/developerguide/iot-custom-endpoints-configurable.html) from the AWS IoT Core Developer Guide. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `OcspAuthorizedResponderArn` The Amazon Resource Name (ARN) for an X.509 certificate stored in ACM. If provided, AWS IoT Core will use this certificate to validate the signature of the received OCSP response. The OCSP responder must sign responses using either this authorized responder certificate or the issuing certificate, depending on whether the ARN is provided or not. The certificate must be in the same account and region as the domain configuration. *Required*: No *Type*: String *Pattern*: `^arn:aws(-cn|-us-gov|-iso-b|-iso)?:acm:[a-z]{2}-(gov-|iso-|isob-)?[a-z]{4,9}-\d{1}:\d{12}:certificate/[a-zA-Z0-9/-]+$` *Minimum*: `1` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `OcspLambdaArn` The Amazon Resource Name (ARN) for a Lambda function that acts as a Request for Comments (RFC) 6960-compliant Online Certificate Status Protocol (OCSP) responder, supporting basic OCSP responses. The Lambda function accepts a base64-encoding of the OCSP request in the Distinguished Encoding Rules (DER) format. The Lambda function's response is also a base64-encoded OCSP response in the DER format. The response size must not exceed 4 kilobytes (KiB). The Lambda function must be in the same account and region as the domain configuration. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `170` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::DomainConfiguration ServerCertificateSummary An object that contains information about a server certificate. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ServerCertificateArn](#cfn-iot-domainconfiguration-servercertificatesummary-servercertificatearn)" : String, "[ServerCertificateStatus](#cfn-iot-domainconfiguration-servercertificatesummary-servercertificatestatus)" : String, "[ServerCertificateStatusDetail](#cfn-iot-domainconfiguration-servercertificatesummary-servercertificatestatusdetail)" : String } ``` ### YAML ``` [ServerCertificateArn](#cfn-iot-domainconfiguration-servercertificatesummary-servercertificatearn): String [ServerCertificateStatus](#cfn-iot-domainconfiguration-servercertificatesummary-servercertificatestatus): String [ServerCertificateStatusDetail](#cfn-iot-domainconfiguration-servercertificatesummary-servercertificatestatusdetail): String ``` ## Properties `ServerCertificateArn` The ARN of the server certificate. *Required*: No *Type*: String *Pattern*: `^arn:aws(-cn|-us-gov|-iso-b|-iso)?:acm:[a-z]{2}-(gov-|iso-|isob-)?[a-z]{4,9}-\d{1}:\d{12}:certificate/[a-zA-Z0-9/-]+$` *Minimum*: `1` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ServerCertificateStatus` The status of the server certificate. *Required*: No *Type*: String *Allowed values*: `INVALID | VALID` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ServerCertificateStatusDetail` Details that explain the status of the server certificate. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::DomainConfiguration Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-domainconfiguration-tag-key)" : String, "[Value](#cfn-iot-domainconfiguration-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-domainconfiguration-tag-key): String [Value](#cfn-iot-domainconfiguration-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Pattern*: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::DomainConfiguration TlsConfig An object that specifies the TLS configuration for a domain. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[SecurityPolicy](#cfn-iot-domainconfiguration-tlsconfig-securitypolicy)" : String } ``` ### YAML ``` [SecurityPolicy](#cfn-iot-domainconfiguration-tlsconfig-securitypolicy): String ``` ## Properties `SecurityPolicy` The security policy for a domain configuration. For more information, see [Security policies ](https://docs.aws.amazon.com/iot/latest/developerguide/transport-security.html#tls-policy-table) in the *AWS IoT Core developer guide*. *Required*: No *Type*: String *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::EncryptionConfiguration Retrieves the encryption configuration for resources and data of your AWS account in AWS IoT Core. For more information, see [Data encryption at rest](https://docs.aws.amazon.com/iot/latest/developerguide/encryption-at-rest.html) in the *AWS IoT Core Developer Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::EncryptionConfiguration", "Properties" : { "[EncryptionType](#cfn-iot-encryptionconfiguration-encryptiontype)" : String, "[KmsAccessRoleArn](#cfn-iot-encryptionconfiguration-kmsaccessrolearn)" : String, "[KmsKeyArn](#cfn-iot-encryptionconfiguration-kmskeyarn)" : String } } ``` ### YAML ``` Type: AWS::IoT::EncryptionConfiguration Properties: [EncryptionType](#cfn-iot-encryptionconfiguration-encryptiontype): String [KmsAccessRoleArn](#cfn-iot-encryptionconfiguration-kmsaccessrolearn): String [KmsKeyArn](#cfn-iot-encryptionconfiguration-kmskeyarn): String ``` ## Properties `EncryptionType` The type of the KMS key. *Required*: Yes *Type*: String *Allowed values*: `CUSTOMER_MANAGED_KMS_KEY | AWS_OWNED_KMS_KEY` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `KmsAccessRoleArn` The Amazon Resource Name (ARN) of the IAM role assumed by AWS IoT Core to call AWS KMS on behalf of the customer. *Required*: No *Type*: String *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `KmsKeyArn` The ARN of the customer managed KMS key. *Required*: No *Type*: String *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the AWS account ID. For example: `{ "Ref": "MyEncryptionConfiguration" }` For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `AccountId` The unique identifier (ID) of an AWS account. `LastModifiedDate` The date when encryption configuration is last updated. ## Examples The following example creates an encryption configuration using a customer managed AWS KMS key. ### #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "MyEncryptionConfiguration": { "Type": "AWS::IoT::EncryptionConfiguration", "Properties": { "EncryptionType": "CUSTOMER_MANAGED_KMS_KEY", "KmsKeyArn": "arn:aws:kms:us-east-1:123456789012:key/abcd1234-ab12-cd34-ef56-abcdef123456", "KmsAccessRoleArn": "arn:aws:iam::123456789012:role/IoTKmsAccessRole" } } } } ``` #### YAML ``` AWSTemplateFormatVersion: '2010-09-09' Resources: MyEncryptionConfiguration: Type: AWS::IoT::EncryptionConfiguration Properties: EncryptionType: CUSTOMER_MANAGED_KMS_KEY KmsKeyArn: arn:aws:kms:us-east-1:123456789012:key/abcd1234-ab12-cd34-ef56-abcdef123456 KmsAccessRoleArn: arn:aws:iam::123456789012:role/IoTKmsAccessRole ``` # AWS::IoT::EncryptionConfiguration ConfigurationDetails The encryption configuration details that include the status information of the AWS Key Management Service (AWS KMS) key and the AWS KMS access role. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ConfigurationStatus](#cfn-iot-encryptionconfiguration-configurationdetails-configurationstatus)" : String, "[ErrorCode](#cfn-iot-encryptionconfiguration-configurationdetails-errorcode)" : String, "[ErrorMessage](#cfn-iot-encryptionconfiguration-configurationdetails-errormessage)" : String } ``` ### YAML ``` [ConfigurationStatus](#cfn-iot-encryptionconfiguration-configurationdetails-configurationstatus): String [ErrorCode](#cfn-iot-encryptionconfiguration-configurationdetails-errorcode): String [ErrorMessage](#cfn-iot-encryptionconfiguration-configurationdetails-errormessage): String ``` ## Properties `ConfigurationStatus` The health status of KMS key and AWS KMS access role. If either KMS key or AWS KMS access role is `UNHEALTHY`, the return value will be `UNHEALTHY`. To use a customer managed KMS key, the value of `configurationStatus` must be `HEALTHY`. *Required*: No *Type*: String *Allowed values*: `HEALTHY | UNHEALTHY` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ErrorCode` The error code that indicates either the KMS key or the AWS KMS access role is `UNHEALTHY`. Valid values: `KMS_KEY_VALIDATION_ERROR` and `ROLE_VALIDATION_ERROR`. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ErrorMessage` The detailed error message that corresponds to the `errorCode`. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::FleetMetric Use the `AWS::IoT::FleetMetric` resource to declare a fleet metric. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::FleetMetric", "Properties" : { "[AggregationField](#cfn-iot-fleetmetric-aggregationfield)" : String, "[AggregationType](#cfn-iot-fleetmetric-aggregationtype)" : AggregationType, "[Description](#cfn-iot-fleetmetric-description)" : String, "[IndexName](#cfn-iot-fleetmetric-indexname)" : String, "[MetricName](#cfn-iot-fleetmetric-metricname)" : String, "[Period](#cfn-iot-fleetmetric-period)" : Integer, "[QueryString](#cfn-iot-fleetmetric-querystring)" : String, "[QueryVersion](#cfn-iot-fleetmetric-queryversion)" : String, "[Tags](#cfn-iot-fleetmetric-tags)" : [ Tag, ... ], "[Unit](#cfn-iot-fleetmetric-unit)" : String } } ``` ### YAML ``` Type: AWS::IoT::FleetMetric Properties: [AggregationField](#cfn-iot-fleetmetric-aggregationfield): String [AggregationType](#cfn-iot-fleetmetric-aggregationtype): AggregationType [Description](#cfn-iot-fleetmetric-description): String [IndexName](#cfn-iot-fleetmetric-indexname): String [MetricName](#cfn-iot-fleetmetric-metricname): String [Period](#cfn-iot-fleetmetric-period): Integer [QueryString](#cfn-iot-fleetmetric-querystring): String [QueryVersion](#cfn-iot-fleetmetric-queryversion): String [Tags](#cfn-iot-fleetmetric-tags): - Tag [Unit](#cfn-iot-fleetmetric-unit): String ``` ## Properties `AggregationField` The field to aggregate. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AggregationType` The type of the aggregation query. *Required*: No *Type*: [AggregationType](aws-properties-iot-fleetmetric-aggregationtype.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Description` The fleet metric description. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IndexName` The name of the index to search. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MetricName` The name of the fleet metric to create. *Required*: Yes *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Period` The time in seconds between fleet metric emissions. Range [60(1 min), 86400(1 day)] and must be multiple of 60. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `QueryString` The search query string. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `QueryVersion` The query version. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Metadata which can be used to manage the fleet metric. *Required*: No *Type*: Array of [Tag](aws-properties-iot-fleetmetric-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Unit` Used to support unit transformation such as milliseconds to seconds. Must be a unit supported by CW metric. Default to null. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the fleet metric name. ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `CreationDate` The time the fleet metric was created. `LastModifiedDate` The time the fleet metric was last modified. `MetricArn` The Amazon Resource Name (ARN) of the fleet metric. `Version` The fleet metric version. # AWS::IoT::FleetMetric AggregationType The type of aggregation queries. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Name](#cfn-iot-fleetmetric-aggregationtype-name)" : String, "[Values](#cfn-iot-fleetmetric-aggregationtype-values)" : [ String, ... ] } ``` ### YAML ``` [Name](#cfn-iot-fleetmetric-aggregationtype-name): String [Values](#cfn-iot-fleetmetric-aggregationtype-values): - String ``` ## Properties `Name` The name of the aggregation type. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Values` A list of the values of aggregation types. *Required*: Yes *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::FleetMetric Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-fleetmetric-tag-key)" : String, "[Value](#cfn-iot-fleetmetric-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-fleetmetric-tag-key): String [Value](#cfn-iot-fleetmetric-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::JobTemplate Represents a job template. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::JobTemplate", "Properties" : { "[AbortConfig](#cfn-iot-jobtemplate-abortconfig)" : AbortConfig, "[Description](#cfn-iot-jobtemplate-description)" : String, "[DestinationPackageVersions](#cfn-iot-jobtemplate-destinationpackageversions)" : [ String, ... ], "[Document](#cfn-iot-jobtemplate-document)" : String, "[DocumentSource](#cfn-iot-jobtemplate-documentsource)" : String, "[JobArn](#cfn-iot-jobtemplate-jobarn)" : String, "[JobExecutionsRetryConfig](#cfn-iot-jobtemplate-jobexecutionsretryconfig)" : JobExecutionsRetryConfig, "[JobExecutionsRolloutConfig](#cfn-iot-jobtemplate-jobexecutionsrolloutconfig)" : JobExecutionsRolloutConfig, "[JobTemplateId](#cfn-iot-jobtemplate-jobtemplateid)" : String, "[MaintenanceWindows](#cfn-iot-jobtemplate-maintenancewindows)" : [ MaintenanceWindow, ... ], "[PresignedUrlConfig](#cfn-iot-jobtemplate-presignedurlconfig)" : PresignedUrlConfig, "[Tags](#cfn-iot-jobtemplate-tags)" : [ Tag, ... ], "[TimeoutConfig](#cfn-iot-jobtemplate-timeoutconfig)" : TimeoutConfig } } ``` ### YAML ``` Type: AWS::IoT::JobTemplate Properties: [AbortConfig](#cfn-iot-jobtemplate-abortconfig): AbortConfig [Description](#cfn-iot-jobtemplate-description): String [DestinationPackageVersions](#cfn-iot-jobtemplate-destinationpackageversions): - String [Document](#cfn-iot-jobtemplate-document): String [DocumentSource](#cfn-iot-jobtemplate-documentsource): String [JobArn](#cfn-iot-jobtemplate-jobarn): String [JobExecutionsRetryConfig](#cfn-iot-jobtemplate-jobexecutionsretryconfig): JobExecutionsRetryConfig [JobExecutionsRolloutConfig](#cfn-iot-jobtemplate-jobexecutionsrolloutconfig): JobExecutionsRolloutConfig [JobTemplateId](#cfn-iot-jobtemplate-jobtemplateid): String [MaintenanceWindows](#cfn-iot-jobtemplate-maintenancewindows): - MaintenanceWindow [PresignedUrlConfig](#cfn-iot-jobtemplate-presignedurlconfig): PresignedUrlConfig [Tags](#cfn-iot-jobtemplate-tags): - Tag [TimeoutConfig](#cfn-iot-jobtemplate-timeoutconfig): TimeoutConfig ``` ## Properties `AbortConfig` The criteria that determine when and how a job abort takes place. *Required*: No *Type*: [AbortConfig](aws-properties-iot-jobtemplate-abortconfig.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Description` A description of the job template. *Required*: Yes *Type*: String *Pattern*: `[^\p{C}]+` *Maximum*: `2028` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `DestinationPackageVersions` The package version Amazon Resource Names (ARNs) that are installed on the device’s reserved named shadow (`$package`) when the job successfully completes. **Note:** Up to 25 package version ARNS are allowed. *Required*: No *Type*: Array of String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Document` The job document. Required if you don't specify a value for `documentSource`. *Required*: No *Type*: String *Maximum*: `32768` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `DocumentSource` An S3 link, or S3 object URL, to the job document. The link is an Amazon S3 object URL and is required if you don't specify a value for `document`. For example, `--document-source https://s3.region-code.amazonaws.com/example-firmware/device-firmware.1.0` For more information, see [Methods for accessing a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-bucket-intro.html). *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `1350` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `JobArn` The ARN of the job to use as the basis for the job template. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `JobExecutionsRetryConfig` Allows you to create the criteria to retry a job. *Required*: No *Type*: [JobExecutionsRetryConfig](aws-properties-iot-jobtemplate-jobexecutionsretryconfig.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `JobExecutionsRolloutConfig` Allows you to create a staged rollout of a job. *Required*: No *Type*: [JobExecutionsRolloutConfig](aws-properties-iot-jobtemplate-jobexecutionsrolloutconfig.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `JobTemplateId` A unique identifier for the job template. We recommend using a UUID. Alpha-numeric characters, "-", and "\$1" are valid for use here. *Required*: Yes *Type*: String *Pattern*: `[a-zA-Z0-9_-]+` *Minimum*: `1` *Maximum*: `64` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `MaintenanceWindows` An optional configuration within the SchedulingConfig to setup a recurring maintenance window with a predetermined start time and duration for the rollout of a job document to all devices in a target group for a job. *Required*: No *Type*: Array of [MaintenanceWindow](aws-properties-iot-jobtemplate-maintenancewindow.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `PresignedUrlConfig` Configuration for pre-signed S3 URLs. *Required*: No *Type*: [PresignedUrlConfig](aws-properties-iot-jobtemplate-presignedurlconfig.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Tags` Metadata that can be used to manage the job template. *Required*: No *Type*: Array of [Tag](aws-properties-iot-jobtemplate-tag.md) *Maximum*: `50` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `TimeoutConfig` Specifies the amount of time each device has to finish its execution of the job. A timer is started when the job execution status is set to `IN_PROGRESS`. If the job execution status is not set to another terminal state before the timer expires, it will be automatically set to `TIMED_OUT`. *Required*: No *Type*: [TimeoutConfig](aws-properties-iot-jobtemplate-timeoutconfig.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the job template Id. For example: `{ "Ref": "MyJobTemplate-12345" }` For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` The ARN of the job to use as the basis for the job template. # AWS::IoT::JobTemplate AbortConfig The criteria that determine when and how a job abort takes place. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[CriteriaList](#cfn-iot-jobtemplate-abortconfig-criterialist)" : [ AbortCriteria, ... ] } ``` ### YAML ``` [CriteriaList](#cfn-iot-jobtemplate-abortconfig-criterialist): - AbortCriteria ``` ## Properties `CriteriaList` The list of criteria that determine when and how to abort the job. *Required*: Yes *Type*: Array of [AbortCriteria](aws-properties-iot-jobtemplate-abortcriteria.md) *Minimum*: `1` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::IoT::JobTemplate AbortCriteria The criteria that determine when and how a job abort takes place. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Action](#cfn-iot-jobtemplate-abortcriteria-action)" : String, "[FailureType](#cfn-iot-jobtemplate-abortcriteria-failuretype)" : String, "[MinNumberOfExecutedThings](#cfn-iot-jobtemplate-abortcriteria-minnumberofexecutedthings)" : Integer, "[ThresholdPercentage](#cfn-iot-jobtemplate-abortcriteria-thresholdpercentage)" : Number } ``` ### YAML ``` [Action](#cfn-iot-jobtemplate-abortcriteria-action): String [FailureType](#cfn-iot-jobtemplate-abortcriteria-failuretype): String [MinNumberOfExecutedThings](#cfn-iot-jobtemplate-abortcriteria-minnumberofexecutedthings): Integer [ThresholdPercentage](#cfn-iot-jobtemplate-abortcriteria-thresholdpercentage): Number ``` ## Properties `Action` The type of job action to take to initiate the job abort. *Required*: Yes *Type*: String *Allowed values*: `CANCEL` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `FailureType` The type of job execution failures that can initiate a job abort. *Required*: Yes *Type*: String *Allowed values*: `FAILED | REJECTED | TIMED_OUT | ALL` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `MinNumberOfExecutedThings` The minimum number of things which must receive job execution notifications before the job can be aborted. *Required*: Yes *Type*: Integer *Minimum*: `1` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `ThresholdPercentage` The minimum percentage of job execution failures that must occur to initiate the job abort. AWS IoT Core supports up to two digits after the decimal (for example, 10.9 and 10.99, but not 10.999). *Required*: Yes *Type*: Number *Maximum*: `100` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::IoT::JobTemplate ExponentialRolloutRate Allows you to create an exponential rate of rollout for a job. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[BaseRatePerMinute](#cfn-iot-jobtemplate-exponentialrolloutrate-baserateperminute)" : Integer, "[IncrementFactor](#cfn-iot-jobtemplate-exponentialrolloutrate-incrementfactor)" : Number, "[RateIncreaseCriteria](#cfn-iot-jobtemplate-exponentialrolloutrate-rateincreasecriteria)" : RateIncreaseCriteria } ``` ### YAML ``` [BaseRatePerMinute](#cfn-iot-jobtemplate-exponentialrolloutrate-baserateperminute): Integer [IncrementFactor](#cfn-iot-jobtemplate-exponentialrolloutrate-incrementfactor): Number [RateIncreaseCriteria](#cfn-iot-jobtemplate-exponentialrolloutrate-rateincreasecriteria): RateIncreaseCriteria ``` ## Properties `BaseRatePerMinute` The minimum number of things that will be notified of a pending job, per minute at the start of job rollout. This parameter allows you to define the initial rate of rollout. *Required*: Yes *Type*: Integer *Minimum*: `1` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `IncrementFactor` The exponential factor to increase the rate of rollout for a job. AWS IoT Core supports up to one digit after the decimal (for example, 1.5, but not 1.55). *Required*: Yes *Type*: Number *Minimum*: `1` *Maximum*: `5` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `RateIncreaseCriteria` The criteria to initiate the increase in rate of rollout for a job. *Required*: Yes *Type*: [RateIncreaseCriteria](aws-properties-iot-jobtemplate-rateincreasecriteria.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::IoT::JobTemplate JobExecutionsRetryConfig The configuration that determines how many retries are allowed for each failure type for a job. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[RetryCriteriaList](#cfn-iot-jobtemplate-jobexecutionsretryconfig-retrycriterialist)" : [ RetryCriteria, ... ] } ``` ### YAML ``` [RetryCriteriaList](#cfn-iot-jobtemplate-jobexecutionsretryconfig-retrycriterialist): - RetryCriteria ``` ## Properties `RetryCriteriaList` The list of criteria that determines how many retries are allowed for each failure type for a job. *Required*: No *Type*: Array of [RetryCriteria](aws-properties-iot-jobtemplate-retrycriteria.md) *Minimum*: `1` *Maximum*: `2` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::IoT::JobTemplate JobExecutionsRolloutConfig Allows you to create a staged rollout of a job. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ExponentialRolloutRate](#cfn-iot-jobtemplate-jobexecutionsrolloutconfig-exponentialrolloutrate)" : ExponentialRolloutRate, "[MaximumPerMinute](#cfn-iot-jobtemplate-jobexecutionsrolloutconfig-maximumperminute)" : Integer } ``` ### YAML ``` [ExponentialRolloutRate](#cfn-iot-jobtemplate-jobexecutionsrolloutconfig-exponentialrolloutrate): ExponentialRolloutRate [MaximumPerMinute](#cfn-iot-jobtemplate-jobexecutionsrolloutconfig-maximumperminute): Integer ``` ## Properties `ExponentialRolloutRate` The rate of increase for a job rollout. This parameter allows you to define an exponential rate for a job rollout. *Required*: No *Type*: [ExponentialRolloutRate](aws-properties-iot-jobtemplate-exponentialrolloutrate.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `MaximumPerMinute` The maximum number of things that will be notified of a pending job, per minute. This parameter allows you to create a staged rollout. *Required*: No *Type*: Integer *Minimum*: `1` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::IoT::JobTemplate MaintenanceWindow An optional configuration within the `SchedulingConfig` to setup a recurring maintenance window with a predetermined start time and duration for the rollout of a job document to all devices in a target group for a job. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[DurationInMinutes](#cfn-iot-jobtemplate-maintenancewindow-durationinminutes)" : Integer, "[StartTime](#cfn-iot-jobtemplate-maintenancewindow-starttime)" : String } ``` ### YAML ``` [DurationInMinutes](#cfn-iot-jobtemplate-maintenancewindow-durationinminutes): Integer [StartTime](#cfn-iot-jobtemplate-maintenancewindow-starttime): String ``` ## Properties `DurationInMinutes` Displays the duration of the next maintenance window. *Required*: No *Type*: Integer *Minimum*: `1` *Maximum*: `1430` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `StartTime` Displays the start time of the next maintenance window. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::IoT::JobTemplate PresignedUrlConfig Configuration for pre-signed S3 URLs. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ExpiresInSec](#cfn-iot-jobtemplate-presignedurlconfig-expiresinsec)" : Integer, "[RoleArn](#cfn-iot-jobtemplate-presignedurlconfig-rolearn)" : String } ``` ### YAML ``` [ExpiresInSec](#cfn-iot-jobtemplate-presignedurlconfig-expiresinsec): Integer [RoleArn](#cfn-iot-jobtemplate-presignedurlconfig-rolearn): String ``` ## Properties `ExpiresInSec` How long (in seconds) pre-signed URLs are valid. Valid values are 60 - 3600, the default value is 3600 seconds. Pre-signed URLs are generated when Jobs receives an MQTT request for the job document. *Required*: No *Type*: Integer *Minimum*: `60` *Maximum*: `3600` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `RoleArn` The ARN of an IAM role that grants grants permission to download files from the S3 bucket where the job data/updates are stored. The role must also grant permission for IoT to download the files. For information about addressing the confused deputy problem, see [cross-service confused deputy prevention](https://docs.aws.amazon.com/iot/latest/developerguide/cross-service-confused-deputy-prevention.html) in the *AWS IoT Core developer guide*. *Required*: Yes *Type*: String *Minimum*: `20` *Maximum*: `2048` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::IoT::JobTemplate RateIncreaseCriteria Allows you to define a criteria to initiate the increase in rate of rollout for a job. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[NumberOfNotifiedThings](#cfn-iot-jobtemplate-rateincreasecriteria-numberofnotifiedthings)" : Integer, "[NumberOfSucceededThings](#cfn-iot-jobtemplate-rateincreasecriteria-numberofsucceededthings)" : Integer } ``` ### YAML ``` [NumberOfNotifiedThings](#cfn-iot-jobtemplate-rateincreasecriteria-numberofnotifiedthings): Integer [NumberOfSucceededThings](#cfn-iot-jobtemplate-rateincreasecriteria-numberofsucceededthings): Integer ``` ## Properties `NumberOfNotifiedThings` The threshold for number of notified things that will initiate the increase in rate of rollout. *Required*: No *Type*: Integer *Minimum*: `1` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `NumberOfSucceededThings` The threshold for number of succeeded things that will initiate the increase in rate of rollout. *Required*: No *Type*: Integer *Minimum*: `1` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::IoT::JobTemplate RetryCriteria The criteria that determines how many retries are allowed for each failure type for a job. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[FailureType](#cfn-iot-jobtemplate-retrycriteria-failuretype)" : String, "[NumberOfRetries](#cfn-iot-jobtemplate-retrycriteria-numberofretries)" : Integer } ``` ### YAML ``` [FailureType](#cfn-iot-jobtemplate-retrycriteria-failuretype): String [NumberOfRetries](#cfn-iot-jobtemplate-retrycriteria-numberofretries): Integer ``` ## Properties `FailureType` The type of job execution failures that can initiate a job retry. *Required*: No *Type*: String *Allowed values*: `FAILED | TIMED_OUT | ALL` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `NumberOfRetries` The number of retries allowed for a failure type for the job. *Required*: No *Type*: Integer *Minimum*: `0` *Maximum*: `10` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::IoT::JobTemplate Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-jobtemplate-tag-key)" : String, "[Value](#cfn-iot-jobtemplate-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-jobtemplate-tag-key): String [Value](#cfn-iot-jobtemplate-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::IoT::JobTemplate TimeoutConfig Specifies the amount of time each device has to finish its execution of the job. A timer is started when the job execution status is set to `IN_PROGRESS`. If the job execution status is not set to another terminal state before the timer expires, it will be automatically set to `TIMED_OUT`. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[InProgressTimeoutInMinutes](#cfn-iot-jobtemplate-timeoutconfig-inprogresstimeoutinminutes)" : Integer } ``` ### YAML ``` [InProgressTimeoutInMinutes](#cfn-iot-jobtemplate-timeoutconfig-inprogresstimeoutinminutes): Integer ``` ## Properties `InProgressTimeoutInMinutes` Specifies the amount of time, in minutes, this device has to finish execution of this job. The timeout interval can be anywhere between 1 minute and 7 days (1 to 10080 minutes). The in progress timer can't be updated and will apply to all job executions for the job. Whenever a job execution remains in the IN\$1PROGRESS status for longer than this interval, the job execution will fail and switch to the terminal `TIMED_OUT` status. *Required*: Yes *Type*: Integer *Minimum*: `1` *Maximum*: `10080` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::IoT::Logging Configure logging. **Note** If you already set the log function of AWS IoT Core, you can't deploy the AWS Cloud Development Kit (AWS CDK) to change the logging settings. You can change the logging settings by either: Importing the existing logging resource into your CloudFormation stack, such as with the [infrastructure as code generator (IaC generator)](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/generate-IaC.html). Calling `aws iot set-v2-logging-options --disable-all-logs` before creating a new CloudFormation stack. This command disables all AWS IoT logging. As a result, no AWS IoT logs will be delivered to Amazon CloudWatch until you re-enable logging. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::Logging", "Properties" : { "[AccountId](#cfn-iot-logging-accountid)" : String, "[DefaultLogLevel](#cfn-iot-logging-defaultloglevel)" : String, "[EventConfigurations](#cfn-iot-logging-eventconfigurations)" : [ EventConfiguration, ... ], "[RoleArn](#cfn-iot-logging-rolearn)" : String } } ``` ### YAML ``` Type: AWS::IoT::Logging Properties: [AccountId](#cfn-iot-logging-accountid): String [DefaultLogLevel](#cfn-iot-logging-defaultloglevel): String [EventConfigurations](#cfn-iot-logging-eventconfigurations): - EventConfiguration [RoleArn](#cfn-iot-logging-rolearn): String ``` ## Properties `AccountId` The account ID. *Required*: Yes *Type*: String *Pattern*: `^[0-9]{12}$` *Minimum*: `12` *Maximum*: `12` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `DefaultLogLevel` The default log level. Valid Values: `DEBUG | INFO | ERROR | WARN | DISABLED` *Required*: Yes *Type*: String *Allowed values*: `ERROR | WARN | INFO | DEBUG | DISABLED` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EventConfigurations` Configurations for event-based logging that specifies which event types to log and their logging settings. Overrides account-level logging for the specified event. *Required*: No *Type*: Array of [EventConfiguration](aws-properties-iot-logging-eventconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The role ARN used for the log. *Required*: Yes *Type*: String *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the log ID. For example: `{"Ref": "Log-12345"}` # AWS::IoT::Logging EventConfiguration Configuration for event-based logging that specifies which event types to log and their logging settings. Used for account-level logging overrides. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[EventType](#cfn-iot-logging-eventconfiguration-eventtype)" : String, "[LogDestination](#cfn-iot-logging-eventconfiguration-logdestination)" : String, "[LogLevel](#cfn-iot-logging-eventconfiguration-loglevel)" : String } ``` ### YAML ``` [EventType](#cfn-iot-logging-eventconfiguration-eventtype): String [LogDestination](#cfn-iot-logging-eventconfiguration-logdestination): String [LogLevel](#cfn-iot-logging-eventconfiguration-loglevel): String ``` ## Properties `EventType` The type of event to log. These include event types like Connect, Publish, and Disconnect. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `512` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `LogDestination` CloudWatch Log Group for event-based logging. Specifies where log events should be sent. The log destination for event-based logging overrides default Log Group for the specified event type and applies to all resources associated with that event. *Required*: No *Type*: String *Pattern*: `^(?!aws/)[a-zA-Z0-9_\-/.#]+$` *Minimum*: `1` *Maximum*: `512` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `LogLevel` The logging level for the specified event type. Determines the verbosity of log messages generated for this event type. Valid Values: `ERROR | WARN | INFO | DEBUG | DISABLED` *Required*: No *Type*: String *Allowed values*: `ERROR | WARN | INFO | DEBUG | DISABLED` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::MitigationAction Defines an action that can be applied to audit findings by using StartAuditMitigationActionsTask. For API reference, see [CreateMitigationAction](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateMitigationAction.html) and for general information, see [Mitigation actions](https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::MitigationAction", "Properties" : { "[ActionName](#cfn-iot-mitigationaction-actionname)" : String, "[ActionParams](#cfn-iot-mitigationaction-actionparams)" : ActionParams, "[RoleArn](#cfn-iot-mitigationaction-rolearn)" : String, "[Tags](#cfn-iot-mitigationaction-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::IoT::MitigationAction Properties: [ActionName](#cfn-iot-mitigationaction-actionname): String [ActionParams](#cfn-iot-mitigationaction-actionparams): ActionParams [RoleArn](#cfn-iot-mitigationaction-rolearn): String [Tags](#cfn-iot-mitigationaction-tags): - Tag ``` ## Properties `ActionName` The friendly name of the mitigation action. *Required*: No *Type*: String *Pattern*: `[a-zA-Z0-9:_-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `ActionParams` The set of parameters for this mitigation action. The parameters vary, depending on the kind of action you apply. *Required*: Yes *Type*: [ActionParams](aws-properties-iot-mitigationaction-actionparams.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The IAM role ARN used to apply this mitigation action. *Required*: Yes *Type*: String *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Metadata that can be used to manage the mitigation action. *Required*: No *Type*: Array of [Tag](aws-properties-iot-mitigationaction-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the mitigation action name. ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `MitigationActionArn` The Amazon Resource Name (ARN) of the mitigation action. `MitigationActionId` The ID of the mitigation action. ## Examples ### #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Description": "Amazon Web Services IoT MitigationAction Sample Template", "Resources": { "PublishToSnsMitigationAction": { "Type": "AWS::IoT::MitigationAction", "Properties": { "ActionName": "PublishToSns", "RoleArn": "arn:aws:us-east-1:123456789012:iam:role/RoleForIoTMitigationActions", "ActionParams": { "PublishFindingToSnsParams": { "TopicArn": "arn:aws:sns:us-east-1:123456789012:IoTFindingNotifications" } } } } } } ``` #### YAML ``` AWSTemplateFormatVersion: '2010-09-09' Description: Amazon Web Services IoT MitigationAction Sample Template Resources: PublishToSnsMitigationAction: Type: AWS::IoT::MitigationAction Properties: ActionName: PublishToSns RoleArn: arn:aws:us-east-1:123456789012:iam:role/RoleForIoTMitigationActions ActionParams: PublishFindingToSnsParams: TopicArn: arn:aws:sns:us-east-1:123456789012:IoTFindingNotifications ``` # AWS::IoT::MitigationAction ActionParams Defines the type of action and the parameters for that action. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AddThingsToThingGroupParams](#cfn-iot-mitigationaction-actionparams-addthingstothinggroupparams)" : AddThingsToThingGroupParams, "[EnableIoTLoggingParams](#cfn-iot-mitigationaction-actionparams-enableiotloggingparams)" : EnableIoTLoggingParams, "[PublishFindingToSnsParams](#cfn-iot-mitigationaction-actionparams-publishfindingtosnsparams)" : PublishFindingToSnsParams, "[ReplaceDefaultPolicyVersionParams](#cfn-iot-mitigationaction-actionparams-replacedefaultpolicyversionparams)" : ReplaceDefaultPolicyVersionParams, "[UpdateCACertificateParams](#cfn-iot-mitigationaction-actionparams-updatecacertificateparams)" : UpdateCACertificateParams, "[UpdateDeviceCertificateParams](#cfn-iot-mitigationaction-actionparams-updatedevicecertificateparams)" : UpdateDeviceCertificateParams } ``` ### YAML ``` [AddThingsToThingGroupParams](#cfn-iot-mitigationaction-actionparams-addthingstothinggroupparams): AddThingsToThingGroupParams [EnableIoTLoggingParams](#cfn-iot-mitigationaction-actionparams-enableiotloggingparams): EnableIoTLoggingParams [PublishFindingToSnsParams](#cfn-iot-mitigationaction-actionparams-publishfindingtosnsparams): PublishFindingToSnsParams [ReplaceDefaultPolicyVersionParams](#cfn-iot-mitigationaction-actionparams-replacedefaultpolicyversionparams): ReplaceDefaultPolicyVersionParams [UpdateCACertificateParams](#cfn-iot-mitigationaction-actionparams-updatecacertificateparams): UpdateCACertificateParams [UpdateDeviceCertificateParams](#cfn-iot-mitigationaction-actionparams-updatedevicecertificateparams): UpdateDeviceCertificateParams ``` ## Properties `AddThingsToThingGroupParams` Specifies the group to which you want to add the devices. *Required*: No *Type*: [AddThingsToThingGroupParams](aws-properties-iot-mitigationaction-addthingstothinggroupparams.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EnableIoTLoggingParams` Specifies the logging level and the role with permissions for logging. You cannot specify a logging level of `DISABLED`. *Required*: No *Type*: [EnableIoTLoggingParams](aws-properties-iot-mitigationaction-enableiotloggingparams.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PublishFindingToSnsParams` Specifies the topic to which the finding should be published. *Required*: No *Type*: [PublishFindingToSnsParams](aws-properties-iot-mitigationaction-publishfindingtosnsparams.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ReplaceDefaultPolicyVersionParams` Replaces the policy version with a default or blank policy. You specify the template name. Only a value of `BLANK_POLICY` is currently supported. *Required*: No *Type*: [ReplaceDefaultPolicyVersionParams](aws-properties-iot-mitigationaction-replacedefaultpolicyversionparams.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `UpdateCACertificateParams` Specifies the new state for the CA certificate. Only a value of `DEACTIVATE` is currently supported. *Required*: No *Type*: [UpdateCACertificateParams](aws-properties-iot-mitigationaction-updatecacertificateparams.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `UpdateDeviceCertificateParams` Specifies the new state for a device certificate. Only a value of `DEACTIVATE` is currently supported. *Required*: No *Type*: [UpdateDeviceCertificateParams](aws-properties-iot-mitigationaction-updatedevicecertificateparams.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::MitigationAction AddThingsToThingGroupParams Parameters used when defining a mitigation action that move a set of things to a thing group. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[OverrideDynamicGroups](#cfn-iot-mitigationaction-addthingstothinggroupparams-overridedynamicgroups)" : Boolean, "[ThingGroupNames](#cfn-iot-mitigationaction-addthingstothinggroupparams-thinggroupnames)" : [ String, ... ] } ``` ### YAML ``` [OverrideDynamicGroups](#cfn-iot-mitigationaction-addthingstothinggroupparams-overridedynamicgroups): Boolean [ThingGroupNames](#cfn-iot-mitigationaction-addthingstothinggroupparams-thinggroupnames): - String ``` ## Properties `OverrideDynamicGroups` Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ThingGroupNames` The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you can't add a thing to more than one group in the same hierarchy. *Required*: Yes *Type*: Array of String *Minimum*: `1 | 1` *Maximum*: `128 | 10` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::MitigationAction EnableIoTLoggingParams Parameters used when defining a mitigation action that enable AWS IoT Core logging. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[LogLevel](#cfn-iot-mitigationaction-enableiotloggingparams-loglevel)" : String, "[RoleArnForLogging](#cfn-iot-mitigationaction-enableiotloggingparams-rolearnforlogging)" : String } ``` ### YAML ``` [LogLevel](#cfn-iot-mitigationaction-enableiotloggingparams-loglevel): String [RoleArnForLogging](#cfn-iot-mitigationaction-enableiotloggingparams-rolearnforlogging): String ``` ## Properties `LogLevel` Specifies the type of information to be logged. *Required*: Yes *Type*: String *Allowed values*: `DEBUG | INFO | ERROR | WARN | UNSET_VALUE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArnForLogging` The Amazon Resource Name (ARN) of the IAM role used for logging. *Required*: Yes *Type*: String *Minimum*: `11` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::MitigationAction PublishFindingToSnsParams Parameters to define a mitigation action that publishes findings to Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[TopicArn](#cfn-iot-mitigationaction-publishfindingtosnsparams-topicarn)" : String } ``` ### YAML ``` [TopicArn](#cfn-iot-mitigationaction-publishfindingtosnsparams-topicarn): String ``` ## Properties `TopicArn` The ARN of the topic to which you want to publish the findings. *Required*: Yes *Type*: String *Minimum*: `11` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::MitigationAction ReplaceDefaultPolicyVersionParams Parameters to define a mitigation action that adds a blank policy to restrict permissions. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[TemplateName](#cfn-iot-mitigationaction-replacedefaultpolicyversionparams-templatename)" : String } ``` ### YAML ``` [TemplateName](#cfn-iot-mitigationaction-replacedefaultpolicyversionparams-templatename): String ``` ## Properties `TemplateName` The name of the template to be applied. The only supported value is `BLANK_POLICY`. *Required*: Yes *Type*: String *Allowed values*: `BLANK_POLICY | UNSET_VALUE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::MitigationAction Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-mitigationaction-tag-key)" : String, "[Value](#cfn-iot-mitigationaction-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-mitigationaction-tag-key): String [Value](#cfn-iot-mitigationaction-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::MitigationAction UpdateCACertificateParams Parameters to define a mitigation action that changes the state of the CA certificate to inactive. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Action](#cfn-iot-mitigationaction-updatecacertificateparams-action)" : String } ``` ### YAML ``` [Action](#cfn-iot-mitigationaction-updatecacertificateparams-action): String ``` ## Properties `Action` The action that you want to apply to the CA certificate. The only supported value is `DEACTIVATE`. *Required*: Yes *Type*: String *Allowed values*: `DEACTIVATE | UNSET_VALUE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::MitigationAction UpdateDeviceCertificateParams Parameters to define a mitigation action that changes the state of the device certificate to inactive. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Action](#cfn-iot-mitigationaction-updatedevicecertificateparams-action)" : String } ``` ### YAML ``` [Action](#cfn-iot-mitigationaction-updatedevicecertificateparams-action): String ``` ## Properties `Action` The action that you want to apply to the device certificate. The only supported value is `DEACTIVATE`. *Required*: Yes *Type*: String *Allowed values*: `DEACTIVATE | UNSET_VALUE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::Policy Use the `AWS::IoT::Policy` resource to declare an AWS IoT policy. For more information about working with AWS IoT policies, see [Authorization](https://docs.aws.amazon.com/iot/latest/developerguide/authorization.html) in the *AWS IoT Developer Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::Policy", "Properties" : { "[PolicyDocument](#cfn-iot-policy-policydocument)" : Json, "[PolicyName](#cfn-iot-policy-policyname)" : String, "[Tags](#cfn-iot-policy-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::IoT::Policy Properties: [PolicyDocument](#cfn-iot-policy-policydocument): Json [PolicyName](#cfn-iot-policy-policyname): String [Tags](#cfn-iot-policy-tags): - Tag ``` ## Properties `PolicyDocument` The JSON document that describes the policy. *Required*: Yes *Type*: Json *Minimum*: `1` *Maximum*: `404600` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PolicyName` The policy name. *Required*: No *Type*: String *Pattern*: `[\w+=,.@-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Tags` Property description not available. *Required*: No *Type*: Array of [Tag](aws-properties-iot-policy-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the policy name. For example: `{ "Ref": "MyPolicy" }` For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` The Amazon Resource Name (ARN) of the AWS IoT policy, such as `arn:aws:iot:us-east-2:123456789012:policy/MyPolicy`. `Id` The name of this policy. ## Examples ### The following example declares an AWS IoT policy. This example grants permission to connect to AWS IoT with client ID client1. #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "MyIoTPolicy": { "Type": "AWS::IoT::Policy", "Properties": { "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Connect" ], "Resource": [ "arn:aws:iot:us-east-1:123456789012:client/client1" ] } ] }, "PolicyName": "PolicyName" } } } } ``` #### YAML ``` AWSTemplateFormatVersion: '2010-09-09' Resources: MyIoTPolicy: Type: AWS::IoT::Policy Properties: PolicyDocument: Version: '2012-10-17 ' Statement: - Effect: Allow Action: - iot:Connect Resource: - arn:aws:iot:us-east-1:123456789012:client/client1 PolicyName: PolicyName ``` # AWS::IoT::Policy Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-policy-tag-key)" : String, "[Value](#cfn-iot-policy-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-policy-tag-key): String [Value](#cfn-iot-policy-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Pattern*: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::PolicyPrincipalAttachment Use the `AWS::IoT::PolicyPrincipalAttachment` resource to attach an AWS IoT policy to a principal (an X.509 certificate or other credential). For information about working with AWS IoT policies and principals, see [Authorization](https://docs.aws.amazon.com/iot/latest/developerguide/authorization.html) in the *AWS IoT Developer Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::PolicyPrincipalAttachment", "Properties" : { "[PolicyName](#cfn-iot-policyprincipalattachment-policyname)" : String, "[Principal](#cfn-iot-policyprincipalattachment-principal)" : String } } ``` ### YAML ``` Type: AWS::IoT::PolicyPrincipalAttachment Properties: [PolicyName](#cfn-iot-policyprincipalattachment-policyname): String [Principal](#cfn-iot-policyprincipalattachment-principal): String ``` ## Properties `PolicyName` The name of the AWS IoT policy. *Required*: Yes *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Principal` The principal, which can be a certificate ARN (as returned from the `CreateCertificate` operation) or an Amazon Cognito ID. *Required*: Yes *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Examples ### The following example attaches a policy to a principal. #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "MyPolicyPrincipalAttachment": { "Type": "AWS::IoT::PolicyPrincipalAttachment", "Properties": { "PolicyName": { "Ref": "NameParameter" }, "Principal": "arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2" } } }, "Parameters": { "NameParameter": { "Type": "String" } } } ``` #### YAML ``` AWSTemplateFormatVersion: '2010-09-09' Resources: MyPolicyPrincipalAttachment: Type: AWS::IoT::PolicyPrincipalAttachment Properties: PolicyName: Ref: NameParameter Principal: arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2 Parameters: NameParameter: Type: String ``` # AWS::IoT::ProvisioningTemplate Creates a fleet provisioning template. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::ProvisioningTemplate", "Properties" : { "[Description](#cfn-iot-provisioningtemplate-description)" : String, "[Enabled](#cfn-iot-provisioningtemplate-enabled)" : Boolean, "[PreProvisioningHook](#cfn-iot-provisioningtemplate-preprovisioninghook)" : ProvisioningHook, "[ProvisioningRoleArn](#cfn-iot-provisioningtemplate-provisioningrolearn)" : String, "[Tags](#cfn-iot-provisioningtemplate-tags)" : [ Tag, ... ], "[TemplateBody](#cfn-iot-provisioningtemplate-templatebody)" : String, "[TemplateName](#cfn-iot-provisioningtemplate-templatename)" : String, "[TemplateType](#cfn-iot-provisioningtemplate-templatetype)" : String } } ``` ### YAML ``` Type: AWS::IoT::ProvisioningTemplate Properties: [Description](#cfn-iot-provisioningtemplate-description): String [Enabled](#cfn-iot-provisioningtemplate-enabled): Boolean [PreProvisioningHook](#cfn-iot-provisioningtemplate-preprovisioninghook): ProvisioningHook [ProvisioningRoleArn](#cfn-iot-provisioningtemplate-provisioningrolearn): String [Tags](#cfn-iot-provisioningtemplate-tags): - Tag [TemplateBody](#cfn-iot-provisioningtemplate-templatebody): String [TemplateName](#cfn-iot-provisioningtemplate-templatename): String [TemplateType](#cfn-iot-provisioningtemplate-templatetype): String ``` ## Properties `Description` The description of the fleet provisioning template. *Required*: No *Type*: String *Maximum*: `500` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Enabled` True to enable the fleet provisioning template, otherwise false. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PreProvisioningHook` Creates a pre-provisioning hook template. *Required*: No *Type*: [ProvisioningHook](aws-properties-iot-provisioningtemplate-provisioninghook.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ProvisioningRoleArn` The role ARN for the role associated with the fleet provisioning template. This IoT role grants permission to provision a device. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Metadata that can be used to manage the fleet provisioning template. *Required*: No *Type*: Array of [Tag](aws-properties-iot-provisioningtemplate-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TemplateBody` The JSON formatted contents of the fleet provisioning template version. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TemplateName` The name of the fleet provisioning template. *Required*: No *Type*: String *Pattern*: `^[0-9A-Za-z_-]+$` *Minimum*: `1` *Maximum*: `36` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `TemplateType` The type of the provisioning template. *Required*: No *Type*: String *Allowed values*: `FLEET_PROVISIONING | JITP` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the template name. For example: `{ "Ref": "MyTemplate" }` For a stack named MyStack, a value similar to the following is returned: `MyStack-MyTemplate-AB1CDEFGHIJK` ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `TemplateArn` The ARN that identifies the provisioning template. # AWS::IoT::ProvisioningTemplate ProvisioningHook Structure that contains payloadVersion and targetArn. Provisioning hooks can be used when fleet provisioning to validate device parameters before allowing the device to be provisioned. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[PayloadVersion](#cfn-iot-provisioningtemplate-provisioninghook-payloadversion)" : String, "[TargetArn](#cfn-iot-provisioningtemplate-provisioninghook-targetarn)" : String } ``` ### YAML ``` [PayloadVersion](#cfn-iot-provisioningtemplate-provisioninghook-payloadversion): String [TargetArn](#cfn-iot-provisioningtemplate-provisioninghook-targetarn): String ``` ## Properties `PayloadVersion` The payload that was sent to the target function. The valid payload is `"2020-04-01"`. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TargetArn` The ARN of the target function. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::ProvisioningTemplate Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-provisioningtemplate-tag-key)" : String, "[Value](#cfn-iot-provisioningtemplate-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-provisioningtemplate-tag-key): String [Value](#cfn-iot-provisioningtemplate-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Pattern*: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::ResourceSpecificLogging Configure resource-specific logging. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::ResourceSpecificLogging", "Properties" : { "[LogLevel](#cfn-iot-resourcespecificlogging-loglevel)" : String, "[TargetName](#cfn-iot-resourcespecificlogging-targetname)" : String, "[TargetType](#cfn-iot-resourcespecificlogging-targettype)" : String } } ``` ### YAML ``` Type: AWS::IoT::ResourceSpecificLogging Properties: [LogLevel](#cfn-iot-resourcespecificlogging-loglevel): String [TargetName](#cfn-iot-resourcespecificlogging-targetname): String [TargetType](#cfn-iot-resourcespecificlogging-targettype): String ``` ## Properties `LogLevel` The default log level.Valid Values: `DEBUG | INFO | ERROR | WARN | DISABLED` *Required*: Yes *Type*: String *Allowed values*: `ERROR | WARN | INFO | DEBUG | DISABLED` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TargetName` The target name. *Required*: Yes *Type*: String *Pattern*: `[a-zA-Z0-9.:\s_\-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `TargetType` The target type. Valid Values: `DEFAULT | THING_GROUP` *Required*: Yes *Type*: String *Allowed values*: `THING_GROUP | CLIENT_ID | SOURCE_IP | PRINCIPAL_ID | EVENT_TYPE` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the resource-specific log ID. For example: `{"Ref": "MyResourceLog-12345" }` ### Fn::GetAtt #### `TargetId` The target Id. # AWS::IoT::RoleAlias Specifies a role alias. Requires permission to access the [CreateRoleAlias](https://docs.aws.amazon.com//service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions) action. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::RoleAlias", "Properties" : { "[CredentialDurationSeconds](#cfn-iot-rolealias-credentialdurationseconds)" : Integer, "[RoleAlias](#cfn-iot-rolealias-rolealias)" : String, "[RoleArn](#cfn-iot-rolealias-rolearn)" : String, "[Tags](#cfn-iot-rolealias-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::IoT::RoleAlias Properties: [CredentialDurationSeconds](#cfn-iot-rolealias-credentialdurationseconds): Integer [RoleAlias](#cfn-iot-rolealias-rolealias): String [RoleArn](#cfn-iot-rolealias-rolearn): String [Tags](#cfn-iot-rolealias-tags): - Tag ``` ## Properties `CredentialDurationSeconds` The number of seconds for which the credential is valid. *Required*: No *Type*: Integer *Minimum*: `900` *Maximum*: `43200` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleAlias` The role alias. *Required*: No *Type*: String *Pattern*: `[\w=,@-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `RoleArn` The role ARN. *Required*: Yes *Type*: String *Pattern*: `arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+` *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` An array of key-value pairs to apply to this resource. For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). *Required*: No *Type*: Array of [Tag](aws-properties-iot-rolealias-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the role alias name. ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `RoleAliasArn` The role alias ARN. # AWS::IoT::RoleAlias Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-rolealias-tag-key)" : String, "[Value](#cfn-iot-rolealias-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-rolealias-tag-key): String [Value](#cfn-iot-rolealias-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Pattern*: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$` *Minimum*: `1` *Maximum*: `127` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Pattern*: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$` *Minimum*: `1` *Maximum*: `255` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::ScheduledAudit Use the `AWS::IoT::ScheduledAudit` resource to create a scheduled audit that is run at a specified time interval. For API reference, see [CreateScheduleAudit](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateScheduledAudit.html) and for general information, see [Audit](https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::ScheduledAudit", "Properties" : { "[DayOfMonth](#cfn-iot-scheduledaudit-dayofmonth)" : String, "[DayOfWeek](#cfn-iot-scheduledaudit-dayofweek)" : String, "[Frequency](#cfn-iot-scheduledaudit-frequency)" : String, "[ScheduledAuditName](#cfn-iot-scheduledaudit-scheduledauditname)" : String, "[Tags](#cfn-iot-scheduledaudit-tags)" : [ Tag, ... ], "[TargetCheckNames](#cfn-iot-scheduledaudit-targetchecknames)" : [ String, ... ] } } ``` ### YAML ``` Type: AWS::IoT::ScheduledAudit Properties: [DayOfMonth](#cfn-iot-scheduledaudit-dayofmonth): String [DayOfWeek](#cfn-iot-scheduledaudit-dayofweek): String [Frequency](#cfn-iot-scheduledaudit-frequency): String [ScheduledAuditName](#cfn-iot-scheduledaudit-scheduledauditname): String [Tags](#cfn-iot-scheduledaudit-tags): - Tag [TargetCheckNames](#cfn-iot-scheduledaudit-targetchecknames): - String ``` ## Properties `DayOfMonth` The day of the month on which the scheduled audit is run (if the `frequency` is "MONTHLY"). If days 29-31 are specified, and the month does not have that many days, the audit takes place on the "LAST" day of the month. *Required*: No *Type*: String *Pattern*: `^([1-9]|[12][0-9]|3[01])$|^LAST$|^UNSET_VALUE$` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DayOfWeek` The day of the week on which the scheduled audit is run (if the `frequency` is "WEEKLY" or "BIWEEKLY"). *Required*: No *Type*: String *Allowed values*: `SUN | MON | TUE | WED | THU | FRI | SAT | UNSET_VALUE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Frequency` How often the scheduled audit occurs. *Required*: Yes *Type*: String *Allowed values*: `DAILY | WEEKLY | BIWEEKLY | MONTHLY` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ScheduledAuditName` The name of the scheduled audit. *Required*: No *Type*: String *Pattern*: `[a-zA-Z0-9:_-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Tags` Metadata that can be used to manage the scheduled audit. *Required*: No *Type*: Array of [Tag](aws-properties-iot-scheduledaudit-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TargetCheckNames` Which checks are performed during the scheduled audit. Checks must be enabled for your account. (Use `DescribeAccountAuditConfiguration` to see the list of all checks, including those that are enabled or use `UpdateAccountAuditConfiguration` to select which checks are enabled.) The following checks are currently available: + `AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK` + `CA_CERTIFICATE_EXPIRING_CHECK` + `CA_CERTIFICATE_KEY_QUALITY_CHECK` + `CONFLICTING_CLIENT_IDS_CHECK` + `DEVICE_CERTIFICATE_EXPIRING_CHECK` + `DEVICE_CERTIFICATE_KEY_QUALITY_CHECK` + `DEVICE_CERTIFICATE_SHARED_CHECK` + `IOT_POLICY_OVERLY_PERMISSIVE_CHECK` + `IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK` + `IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK` + `LOGGING_DISABLED_CHECK` + `REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK` + `REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK` + `UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK` *Required*: Yes *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the scheduled audit name. ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `ScheduledAuditArn` The ARN of the scheduled audit. ## Examples In this ScheduledAudit example, all audit checks are enabled, the frequency of the audit is weekly, and the audit will occur every Monday. ### #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Description": "Amazon Web Services IoT ScheduledAudit Sample Template", "Resources": { "MyScheduledAudit": { "Type": "AWS::IoT::ScheduledAudit", "Properties": { "ScheduledAuditName": "MyScheduledAudit", "DayOfWeek": "MON", "Frequency": "WEEKLY", "TargetCheckNames": [ "AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK", "CA_CERTIFICATE_EXPIRING_CHECK", "CA_CERTIFICATE_KEY_QUALITY_CHECK", "CONFLICTING_CLIENT_IDS_CHECK", "DEVICE_CERTIFICATE_EXPIRING_CHECK", "DEVICE_CERTIFICATE_KEY_QUALITY_CHECK", "DEVICE_CERTIFICATE_SHARED_CHECK", "IOT_POLICY_OVERLY_PERMISSIVE_CHECK", "IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK", "IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK", "LOGGING_DISABLED_CHECK", "REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK", "REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK", "UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK" ] } } } } ``` #### YAML ``` AWSTemplateFormatVersion: '2010-09-09' Description: Amazon Web Services IoT ScheduledAudit Sample Template Resources: MyScheduledAudit: Type: AWS::IoT::ScheduledAudit Properties: ScheduledAuditName: MyScheduledAudit DayOfWeek: 'MON' Frequency: WEEKLY TargetCheckNames: - AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK - CA_CERTIFICATE_EXPIRING_CHECK - CA_CERTIFICATE_KEY_QUALITY_CHECK - CONFLICTING_CLIENT_IDS_CHECK - DEVICE_CERTIFICATE_EXPIRING_CHECK - DEVICE_CERTIFICATE_KEY_QUALITY_CHECK - DEVICE_CERTIFICATE_SHARED_CHECK - IOT_POLICY_OVERLY_PERMISSIVE_CHECK - IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK - IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK - LOGGING_DISABLED_CHECK - REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK - REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK - UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK ``` ## See also For more information on audit checks see [AWS::IoT::AccountAuditConfiguration AuditCheckConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html). # AWS::IoT::ScheduledAudit Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-scheduledaudit-tag-key)" : String, "[Value](#cfn-iot-scheduledaudit-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-scheduledaudit-tag-key): String [Value](#cfn-iot-scheduledaudit-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::SecurityProfile Use the `AWS::IoT::SecurityProfile` resource to create a Device Defender security profile. For API reference, see [CreateSecurityProfile](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateSecurityProfile.html) and for general information, see [Detect](https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::SecurityProfile", "Properties" : { "[AdditionalMetricsToRetainV2](#cfn-iot-securityprofile-additionalmetricstoretainv2)" : [ MetricToRetain, ... ], "[AlertTargets](#cfn-iot-securityprofile-alerttargets)" : {Key: Value, ...}, "[Behaviors](#cfn-iot-securityprofile-behaviors)" : [ Behavior, ... ], "[MetricsExportConfig](#cfn-iot-securityprofile-metricsexportconfig)" : MetricsExportConfig, "[SecurityProfileDescription](#cfn-iot-securityprofile-securityprofiledescription)" : String, "[SecurityProfileName](#cfn-iot-securityprofile-securityprofilename)" : String, "[Tags](#cfn-iot-securityprofile-tags)" : [ Tag, ... ], "[TargetArns](#cfn-iot-securityprofile-targetarns)" : [ String, ... ] } } ``` ### YAML ``` Type: AWS::IoT::SecurityProfile Properties: [AdditionalMetricsToRetainV2](#cfn-iot-securityprofile-additionalmetricstoretainv2): - MetricToRetain [AlertTargets](#cfn-iot-securityprofile-alerttargets): Key: Value [Behaviors](#cfn-iot-securityprofile-behaviors): - Behavior [MetricsExportConfig](#cfn-iot-securityprofile-metricsexportconfig): MetricsExportConfig [SecurityProfileDescription](#cfn-iot-securityprofile-securityprofiledescription): String [SecurityProfileName](#cfn-iot-securityprofile-securityprofilename): String [Tags](#cfn-iot-securityprofile-tags): - Tag [TargetArns](#cfn-iot-securityprofile-targetarns): - String ``` ## Properties `AdditionalMetricsToRetainV2` A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's `behaviors`, but it's also retained for any metric specified here. Can be used with custom metrics; can't be used with dimensions. *Required*: No *Type*: Array of [MetricToRetain](aws-properties-iot-securityprofile-metrictoretain.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AlertTargets` Specifies the destinations to which alerts are sent. (Alerts are always sent to the console.) Alerts are generated when a device (thing) violates a behavior. *Required*: No *Type*: Object of [AlertTarget](aws-properties-iot-securityprofile-alerttarget.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Behaviors` Specifies the behaviors that, when violated by a device (thing), cause an alert. *Required*: No *Type*: Array of [Behavior](aws-properties-iot-securityprofile-behavior.md) *Maximum*: `100` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MetricsExportConfig` Specifies the MQTT topic and role ARN required for metric export. *Required*: No *Type*: [MetricsExportConfig](aws-properties-iot-securityprofile-metricsexportconfig.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SecurityProfileDescription` A description of the security profile. *Required*: No *Type*: String *Maximum*: `1000` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SecurityProfileName` The name you gave to the security profile. *Required*: No *Type*: String *Pattern*: `[a-zA-Z0-9:_-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Tags` Metadata that can be used to manage the security profile. *Required*: No *Type*: Array of [Tag](aws-properties-iot-securityprofile-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TargetArns` The ARN of the target (thing group) to which the security profile is attached. *Required*: No *Type*: Array of String *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the security profile name. ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `SecurityProfileArn` The Amazon Resource Name (ARN) of the security profile. ## Examples ### #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Description": "Amazon Web Services IoT SecurityProfile Sample Template", "Resources": { "MySecurityProfile": { "Type": "AWS::IoT::SecurityProfile", "Properties": { "AdditionalMetricsToRetainV2": [ { "Metric": "aws:num-messages-received" }, { "Metric": "aws:num-disconnects" } ], "AlertTargets": { "SNS": { "AlertTargetArn": "arn:aws:sns:us-east-1:123456789012:DeviceDefenderDetectAlerts", "RoleArn": "arn:aws:iam::123456789012:role/RoleForDefenderAlerts" } }, "Behaviors": [ { "Name": "MaxMessageSize", "Metric": "aws:message-byte-size", "Criteria": { "ConsecutiveDatapointsToAlarm": 1, "ConsecutiveDatapointsToClear": 1, "ComparisonOperator": "less-than-equals", "Value": { "Count": 5 } } }, { "Name": "OutboundMessageCount", "Metric": "aws:num-messages-sent", "Criteria": { "DurationSeconds": 300, "ComparisonOperator": "less-than-equals", "Value": { "Count": 50 } } }, { "Name": "AuthFailuresStatThreshold", "Metric": "aws:num-authorization-failures", "Criteria": { "ComparisonOperator": "less-than-equals", "DurationSeconds": 300, "StatisticalThreshold": { "Statistic": "p90" } } } ], "SecurityProfileDescription": "Contains expected behaviors for connected devices", "SecurityProfileName": "ProfileForConnectedDevices", "Tags": [ { "Key": "Application", "Value": "SmartHome" } ], "TargetArns": [ "arn:aws:iot:us-east-1:123456789012:all/things" ] } } } } ``` #### YAML ``` AWSTemplateFormatVersion: '2010-09-09' Description: Amazon Web Services IoT SecurityProfile Sample Template Resources: MySecurityProfile: Type: 'AWS::IoT::SecurityProfile' Properties: AdditionalMetricsToRetainV2: - Metric: 'aws:num-messages-received' - Metric: 'aws:num-disconnects' AlertTargets: SNS: AlertTargetArn: 'arn:aws:sns:us-east-1:123456789012:DeviceDefenderDetectAlerts' RoleArn: 'arn:aws:iam::123456789012:role/RoleForDefenderAlerts' Behaviors: - Name: MaxMessageSize Metric: 'aws:message-byte-size' Criteria: ConsecutiveDatapointsToAlarm: 1 ConsecutiveDatapointsToClear: 1 ComparisonOperator: less-than-equals Value: Count: 5 - Name: OutboundMessageCount Metric: 'aws:num-messages-sent' Criteria: DurationSeconds: 300 ComparisonOperator: less-than-equals Value: Count: 50 - Name: AuthFailuresStatThreshold Metric: 'aws:num-authorization-failures' Criteria: ComparisonOperator: less-than-equals DurationSeconds: 300 StatisticalThreshold: Statistic: p90 SecurityProfileDescription: Contains expected behaviors for connected devices SecurityProfileName: ProfileForConnectedDevices Tags: - Key: Application Value: SmartHome TargetArns: - 'arn:aws:iot:us-east-1:123456789012:all/things' ``` # AWS::IoT::SecurityProfile AlertTarget A structure containing the alert target ARN and the role ARN. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AlertTargetArn](#cfn-iot-securityprofile-alerttarget-alerttargetarn)" : String, "[RoleArn](#cfn-iot-securityprofile-alerttarget-rolearn)" : String } ``` ### YAML ``` [AlertTargetArn](#cfn-iot-securityprofile-alerttarget-alerttargetarn): String [RoleArn](#cfn-iot-securityprofile-alerttarget-rolearn): String ``` ## Properties `AlertTargetArn` The Amazon Resource Name (ARN) of the notification target to which alerts are sent. *Required*: Yes *Type*: String *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The ARN of the role that grants permission to send alerts to the notification target. *Required*: Yes *Type*: String *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::SecurityProfile Behavior A Device Defender security profile behavior. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Criteria](#cfn-iot-securityprofile-behavior-criteria)" : BehaviorCriteria, "[ExportMetric](#cfn-iot-securityprofile-behavior-exportmetric)" : Boolean, "[Metric](#cfn-iot-securityprofile-behavior-metric)" : String, "[MetricDimension](#cfn-iot-securityprofile-behavior-metricdimension)" : MetricDimension, "[Name](#cfn-iot-securityprofile-behavior-name)" : String, "[SuppressAlerts](#cfn-iot-securityprofile-behavior-suppressalerts)" : Boolean } ``` ### YAML ``` [Criteria](#cfn-iot-securityprofile-behavior-criteria): BehaviorCriteria [ExportMetric](#cfn-iot-securityprofile-behavior-exportmetric): Boolean [Metric](#cfn-iot-securityprofile-behavior-metric): String [MetricDimension](#cfn-iot-securityprofile-behavior-metricdimension): MetricDimension [Name](#cfn-iot-securityprofile-behavior-name): String [SuppressAlerts](#cfn-iot-securityprofile-behavior-suppressalerts): Boolean ``` ## Properties `Criteria` The criteria that determine if a device is behaving normally in regard to the `metric`. In the AWS IoT console, you can choose to be sent an alert through Amazon SNS when AWS IoT Device Defender detects that a device is behaving anomalously. *Required*: No *Type*: [BehaviorCriteria](aws-properties-iot-securityprofile-behaviorcriteria.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ExportMetric` Value indicates exporting metrics related to the behavior when it is true. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Metric` What is measured by the behavior. *Required*: No *Type*: String *Pattern*: `[a-zA-Z0-9:_-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MetricDimension` The dimension of the metric. *Required*: No *Type*: [MetricDimension](aws-properties-iot-securityprofile-metricdimension.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Name` The name you've given to the behavior. *Required*: Yes *Type*: String *Pattern*: `[a-zA-Z0-9:_-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SuppressAlerts` The alert status. If you set the value to `true`, alerts will be suppressed. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::SecurityProfile BehaviorCriteria The criteria by which the behavior is determined to be normal. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ComparisonOperator](#cfn-iot-securityprofile-behaviorcriteria-comparisonoperator)" : String, "[ConsecutiveDatapointsToAlarm](#cfn-iot-securityprofile-behaviorcriteria-consecutivedatapointstoalarm)" : Integer, "[ConsecutiveDatapointsToClear](#cfn-iot-securityprofile-behaviorcriteria-consecutivedatapointstoclear)" : Integer, "[DurationSeconds](#cfn-iot-securityprofile-behaviorcriteria-durationseconds)" : Integer, "[MlDetectionConfig](#cfn-iot-securityprofile-behaviorcriteria-mldetectionconfig)" : MachineLearningDetectionConfig, "[StatisticalThreshold](#cfn-iot-securityprofile-behaviorcriteria-statisticalthreshold)" : StatisticalThreshold, "[Value](#cfn-iot-securityprofile-behaviorcriteria-value)" : MetricValue } ``` ### YAML ``` [ComparisonOperator](#cfn-iot-securityprofile-behaviorcriteria-comparisonoperator): String [ConsecutiveDatapointsToAlarm](#cfn-iot-securityprofile-behaviorcriteria-consecutivedatapointstoalarm): Integer [ConsecutiveDatapointsToClear](#cfn-iot-securityprofile-behaviorcriteria-consecutivedatapointstoclear): Integer [DurationSeconds](#cfn-iot-securityprofile-behaviorcriteria-durationseconds): Integer [MlDetectionConfig](#cfn-iot-securityprofile-behaviorcriteria-mldetectionconfig): MachineLearningDetectionConfig [StatisticalThreshold](#cfn-iot-securityprofile-behaviorcriteria-statisticalthreshold): StatisticalThreshold [Value](#cfn-iot-securityprofile-behaviorcriteria-value): MetricValue ``` ## Properties `ComparisonOperator` The operator that relates the thing measured (`metric`) to the criteria (containing a `value` or `statisticalThreshold`). Valid operators include: + `string-list`: `in-set` and `not-in-set` + `number-list`: `in-set` and `not-in-set` + `ip-address-list`: `in-cidr-set` and `not-in-cidr-set` + `number`: `less-than`, `less-than-equals`, `greater-than`, and `greater-than-equals` *Required*: No *Type*: String *Allowed values*: `less-than | less-than-equals | greater-than | greater-than-equals | in-cidr-set | not-in-cidr-set | in-port-set | not-in-port-set | in-set | not-in-set` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ConsecutiveDatapointsToAlarm` If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1. *Required*: No *Type*: Integer *Minimum*: `1` *Maximum*: `10` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ConsecutiveDatapointsToClear` If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1. *Required*: No *Type*: Integer *Minimum*: `1` *Maximum*: `10` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DurationSeconds` Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, `NUM_MESSAGES_SENT`). For a `statisticalThreshhold` metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MlDetectionConfig` The confidence level of the detection model. *Required*: No *Type*: [MachineLearningDetectionConfig](aws-properties-iot-securityprofile-machinelearningdetectionconfig.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `StatisticalThreshold` A statistical ranking (percentile)that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior. *Required*: No *Type*: [StatisticalThreshold](aws-properties-iot-securityprofile-statisticalthreshold.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The value to be compared with the `metric`. *Required*: No *Type*: [MetricValue](aws-properties-iot-securityprofile-metricvalue.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::SecurityProfile MachineLearningDetectionConfig The `MachineLearningDetectionConfig` property type controls confidence of the machine learning model. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ConfidenceLevel](#cfn-iot-securityprofile-machinelearningdetectionconfig-confidencelevel)" : String } ``` ### YAML ``` [ConfidenceLevel](#cfn-iot-securityprofile-machinelearningdetectionconfig-confidencelevel): String ``` ## Properties `ConfidenceLevel` The model confidence level. There are three levels of confidence, `"high"`, `"medium"`, and `"low"`. The higher the confidence level, the lower the sensitivity, and the lower the alarm frequency will be. *Required*: No *Type*: String *Allowed values*: `LOW | MEDIUM | HIGH` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::SecurityProfile MetricDimension The dimension of the metric. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[DimensionName](#cfn-iot-securityprofile-metricdimension-dimensionname)" : String, "[Operator](#cfn-iot-securityprofile-metricdimension-operator)" : String } ``` ### YAML ``` [DimensionName](#cfn-iot-securityprofile-metricdimension-dimensionname): String [Operator](#cfn-iot-securityprofile-metricdimension-operator): String ``` ## Properties `DimensionName` The name of the dimension. *Required*: Yes *Type*: String *Pattern*: `[a-zA-Z0-9:_-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Operator` Operators are constructs that perform logical operations. Valid values are `IN` and `NOT_IN`. *Required*: No *Type*: String *Allowed values*: `IN | NOT_IN` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::SecurityProfile MetricsExportConfig Specifies the MQTT topic and role ARN required for metric export. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[MqttTopic](#cfn-iot-securityprofile-metricsexportconfig-mqtttopic)" : String, "[RoleArn](#cfn-iot-securityprofile-metricsexportconfig-rolearn)" : String } ``` ### YAML ``` [MqttTopic](#cfn-iot-securityprofile-metricsexportconfig-mqtttopic): String [RoleArn](#cfn-iot-securityprofile-metricsexportconfig-rolearn): String ``` ## Properties `MqttTopic` The MQTT topic that Device Defender Detect should publish messages to for metrics export. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `512` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` This role ARN has permission to publish MQTT messages, after which Device Defender Detect can assume the role and publish messages on your behalf. *Required*: Yes *Type*: String *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::SecurityProfile MetricToRetain The metric you want to retain. Dimensions are optional. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ExportMetric](#cfn-iot-securityprofile-metrictoretain-exportmetric)" : Boolean, "[Metric](#cfn-iot-securityprofile-metrictoretain-metric)" : String, "[MetricDimension](#cfn-iot-securityprofile-metrictoretain-metricdimension)" : MetricDimension } ``` ### YAML ``` [ExportMetric](#cfn-iot-securityprofile-metrictoretain-exportmetric): Boolean [Metric](#cfn-iot-securityprofile-metrictoretain-metric): String [MetricDimension](#cfn-iot-securityprofile-metrictoretain-metricdimension): MetricDimension ``` ## Properties `ExportMetric` The value indicates exporting metrics related to the `MetricToRetain` when it's true. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Metric` A standard of measurement. *Required*: Yes *Type*: String *Pattern*: `[a-zA-Z0-9:_-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MetricDimension` The dimension of the metric. *Required*: No *Type*: [MetricDimension](aws-properties-iot-securityprofile-metricdimension.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::SecurityProfile MetricValue The value to be compared with the `metric`. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Cidrs](#cfn-iot-securityprofile-metricvalue-cidrs)" : [ String, ... ], "[Count](#cfn-iot-securityprofile-metricvalue-count)" : String, "[Number](#cfn-iot-securityprofile-metricvalue-number)" : Number, "[Numbers](#cfn-iot-securityprofile-metricvalue-numbers)" : [ Number, ... ], "[Ports](#cfn-iot-securityprofile-metricvalue-ports)" : [ Integer, ... ], "[Strings](#cfn-iot-securityprofile-metricvalue-strings)" : [ String, ... ] } ``` ### YAML ``` [Cidrs](#cfn-iot-securityprofile-metricvalue-cidrs): - String [Count](#cfn-iot-securityprofile-metricvalue-count): String [Number](#cfn-iot-securityprofile-metricvalue-number): Number [Numbers](#cfn-iot-securityprofile-metricvalue-numbers): - Number [Ports](#cfn-iot-securityprofile-metricvalue-ports): - Integer [Strings](#cfn-iot-securityprofile-metricvalue-strings): - String ``` ## Properties `Cidrs` If the `comparisonOperator` calls for a set of CIDRs, use this to specify that set to be compared with the `metric`. *Required*: No *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Count` If the `comparisonOperator` calls for a numeric value, use this to specify that numeric value to be compared with the `metric`. *Required*: No *Type*: String *Minimum*: `0` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Number` The numeric values of a metric. *Required*: No *Type*: Number *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Numbers` The numeric value of a metric. *Required*: No *Type*: Array of Number *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Ports` If the `comparisonOperator` calls for a set of ports, use this to specify that set to be compared with the `metric`. *Required*: No *Type*: Array of Integer *Minimum*: `0` *Maximum*: `65535` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Strings` The string values of a metric. *Required*: No *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::SecurityProfile StatisticalThreshold A statistical ranking (percentile) that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Statistic](#cfn-iot-securityprofile-statisticalthreshold-statistic)" : String } ``` ### YAML ``` [Statistic](#cfn-iot-securityprofile-statisticalthreshold-statistic): String ``` ## Properties `Statistic` The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period (`durationSeconds`) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below (`comparisonOperator`) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs. *Required*: No *Type*: String *Allowed values*: `Average | p0 | p0.1 | p0.01 | p1 | p10 | p50 | p90 | p99 | p99.9 | p99.99 | p100` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::SecurityProfile Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-securityprofile-tag-key)" : String, "[Value](#cfn-iot-securityprofile-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-securityprofile-tag-key): String [Value](#cfn-iot-securityprofile-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::SoftwarePackage Use the `AWS::IoT::SoftwarePackage` resource to create a software package. For information about working with software packages, see [AWS IoT Device Management Software Package Catalog](https://docs.aws.amazon.com/iot/latest/developerguide/software-package-catalog.html) and [Creating a software package and package version](https://docs.aws.amazon.com/iot/latest/developerguide/creating-package-and-version.html) in the *AWS IoT Developer Guide*. See also, [CreatePackage](https://docs.aws.amazon.com/iot/latest/apireference/API_CreatePackage.html) in the *API Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::SoftwarePackage", "Properties" : { "[Description](#cfn-iot-softwarepackage-description)" : String, "[PackageName](#cfn-iot-softwarepackage-packagename)" : String, "[Tags](#cfn-iot-softwarepackage-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::IoT::SoftwarePackage Properties: [Description](#cfn-iot-softwarepackage-description): String [PackageName](#cfn-iot-softwarepackage-packagename): String [Tags](#cfn-iot-softwarepackage-tags): - Tag ``` ## Properties `Description` A summary of the package being created. This can be used to outline the package's contents or purpose. *Required*: No *Type*: String *Pattern*: `^[^\p{C}]+$` *Minimum*: `0` *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PackageName` The name of the new software package. *Required*: No *Type*: String *Pattern*: `^[a-zA-Z0-9-_.]+$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Tags` Metadata that can be used to manage the package. *Required*: No *Type*: Array of [Tag](aws-properties-iot-softwarepackage-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the software package name. For example: ``` { "Ref": "MyPackage" } ``` Response: ``` package-name ``` For a stack named MyStack, a value that is similar to the following is returned: ``` MyStack-MySoftwarePackage-AB1CDEFGHIJK ``` For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). For example: ``` { "GetAtt": "MySoftwarePackage.PackageArn" } ``` #### `PackageArn` The Amazon Resource Name (ARN) for the package. ## Examples The following example declares a software package and the values of its attributes. ### #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "MySoftwarePackage": { "Type": "AWS::IoT::SoftwarePackage", "Properties": { "PackageName": "Package", "Description": "description", "Tags": [ { "Key": "TagKey", "Value": "TagValue" } ] } } } } ``` #### YAML ``` AWSTemplateFormatVersion: '2010-09-09' Resources: MySoftwarePackage: Type: AWS::IoT::SoftwarePackage Properties: PackageName: "Package" Description: "description" Tags: - Key: "TagKey" Value: "TagValue" ``` # AWS::IoT::SoftwarePackage Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-softwarepackage-tag-key)" : String, "[Value](#cfn-iot-softwarepackage-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-softwarepackage-tag-key): String [Value](#cfn-iot-softwarepackage-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Pattern*: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::SoftwarePackageVersion Use the `AWS::IoT::SoftwarePackageVersion` resource to create a software package version. For information about working with software package versions, see [AWS IoT Device ManagementSoftware Package Catalog](https://docs.aws.amazon.com/iot/latest/developerguide/software-package-catalog.html) and [Creating a software package and package version](https://docs.aws.amazon.com/iot/latest/developerguide/creating-package-and-version.html) in the *AWS IoT Developer Guide*. See also, [CreatePackageVersion](https://docs.aws.amazon.com/iot/latest/apireference/API_CreatePackageVersion.html) in the *API Guide*. **Note** The associated software package must exist before the package version is created. If you create a software package and package version in the same CloudFormation template, set the software package as a [dependency](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) of the package version. If they are created out of sequence, you will receive an error. Package versions and created in a `draft` state, for more information, see [Package version lifecycle](https://docs.aws.amazon.com/iot/latest/developerguide/preparing-to-use-software-package-catalog.html#package-version-lifecycle). To change the package version state after it’s created, use the [UpdatePackageVersionAPI](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdatePackageVersion.html) command. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::SoftwarePackageVersion", "Properties" : { "[Artifact](#cfn-iot-softwarepackageversion-artifact)" : PackageVersionArtifact, "[Attributes](#cfn-iot-softwarepackageversion-attributes)" : {Key: Value, ...}, "[Description](#cfn-iot-softwarepackageversion-description)" : String, "[PackageName](#cfn-iot-softwarepackageversion-packagename)" : String, "[Recipe](#cfn-iot-softwarepackageversion-recipe)" : String, "[Sbom](#cfn-iot-softwarepackageversion-sbom)" : Sbom, "[Tags](#cfn-iot-softwarepackageversion-tags)" : [ Tag, ... ], "[VersionName](#cfn-iot-softwarepackageversion-versionname)" : String } } ``` ### YAML ``` Type: AWS::IoT::SoftwarePackageVersion Properties: [Artifact](#cfn-iot-softwarepackageversion-artifact): PackageVersionArtifact [Attributes](#cfn-iot-softwarepackageversion-attributes): Key: Value [Description](#cfn-iot-softwarepackageversion-description): String [PackageName](#cfn-iot-softwarepackageversion-packagename): String [Recipe](#cfn-iot-softwarepackageversion-recipe): String [Sbom](#cfn-iot-softwarepackageversion-sbom): Sbom [Tags](#cfn-iot-softwarepackageversion-tags): - Tag [VersionName](#cfn-iot-softwarepackageversion-versionname): String ``` ## Properties `Artifact` Property description not available. *Required*: No *Type*: [PackageVersionArtifact](aws-properties-iot-softwarepackageversion-packageversionartifact.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Attributes` Metadata that can be used to define a package version’s configuration. For example, the S3 file location, configuration options that are being sent to the device or fleet. The combined size of all the attributes on a package version is limited to 3KB. *Required*: No *Type*: Object of String *Pattern*: `^[a-zA-Z0-9:_-]+$` *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Description` A summary of the package version being created. This can be used to outline the package's contents or purpose. *Required*: No *Type*: String *Pattern*: `^[^\p{C}]+$` *Minimum*: `0` *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PackageName` The name of the associated software package. *Required*: Yes *Type*: String *Pattern*: `^[a-zA-Z0-9-_.]+$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Recipe` Property description not available. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Sbom` Property description not available. *Required*: No *Type*: [Sbom](aws-properties-iot-softwarepackageversion-sbom.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Metadata that can be used to manage the package version. *Required*: No *Type*: Array of [Tag](aws-properties-iot-softwarepackageversion-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `VersionName` The name of the new package version. *Required*: No *Type*: String *Pattern*: `^[a-zA-Z0-9-_.]+$` *Minimum*: `1` *Maximum*: `64` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the software package name and package version. For example: ``` { "Ref": "MyPackageVersion" } ``` Response: ``` package-name|version-name ``` For a stack named MyStack, a value that is similar to the following is returned: ``` MyStack-MyPackageVersion-AB1CDEFGHIJK ``` For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). For example: ``` { "GetAtt": "MySoftwarePackageVersion.PackageVersionArn" } ``` #### `ErrorReason` Error reason for a package version failure during creation or update. `PackageVersionArn` The Amazon Resource Name (ARN) for the package. `SbomValidationStatus` Property description not available. `Status` The status of the package version. For more information, see [Package version lifecycle](https://docs.aws.amazon.com/iot/latest/developerguide/preparing-to-use-software-package-catalog.html#package-version-lifecycle). ## Examples The following example declares a package version and the values of its attributes. ### #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "MyPackageVersion": { "Type": "AWS::IoT::SoftwarePackageVersion", "Properties": { "PackageName": "PackageName", "VersionName": "1.0.0", "Description": "description", "Tags": [ { "Key": "TagKey", "Value": "TagValue" } ] } } } } ``` #### YAML ``` AWSTemplateFormatVersion: '2010-09-09' Resources: MyPackageVersion: Type: AWS::IoT::SoftwarePackageVersion Properties: PackageName: "PackageName" VersionName: "1.0.0" Description: "description" Tags: - Key: "TagKey" Value: "TagValue" ``` # AWS::IoT::SoftwarePackageVersion PackageVersionArtifact The `PackageVersionArtifact` property type specifies Property description not available. for an [AWS::IoT::SoftwarePackageVersion](aws-resource-iot-softwarepackageversion.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[S3Location](#cfn-iot-softwarepackageversion-packageversionartifact-s3location)" : S3Location } ``` ### YAML ``` [S3Location](#cfn-iot-softwarepackageversion-packageversionartifact-s3location): S3Location ``` ## Properties `S3Location` Property description not available. *Required*: Yes *Type*: [S3Location](aws-properties-iot-softwarepackageversion-s3location.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::SoftwarePackageVersion S3Location The `S3Location` property type specifies Property description not available. for an [AWS::IoT::SoftwarePackageVersion](aws-resource-iot-softwarepackageversion.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Bucket](#cfn-iot-softwarepackageversion-s3location-bucket)" : String, "[Key](#cfn-iot-softwarepackageversion-s3location-key)" : String, "[Version](#cfn-iot-softwarepackageversion-s3location-version)" : String } ``` ### YAML ``` [Bucket](#cfn-iot-softwarepackageversion-s3location-bucket): String [Key](#cfn-iot-softwarepackageversion-s3location-key): String [Version](#cfn-iot-softwarepackageversion-s3location-version): String ``` ## Properties `Bucket` Property description not available. *Required*: Yes *Type*: String *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Key` Property description not available. *Required*: Yes *Type*: String *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Version` Property description not available. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::SoftwarePackageVersion Sbom The `Sbom` property type specifies Property description not available. for an [AWS::IoT::SoftwarePackageVersion](aws-resource-iot-softwarepackageversion.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[S3Location](#cfn-iot-softwarepackageversion-sbom-s3location)" : S3Location } ``` ### YAML ``` [S3Location](#cfn-iot-softwarepackageversion-sbom-s3location): S3Location ``` ## Properties `S3Location` Property description not available. *Required*: Yes *Type*: [S3Location](aws-properties-iot-softwarepackageversion-s3location.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::SoftwarePackageVersion Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-softwarepackageversion-tag-key)" : String, "[Value](#cfn-iot-softwarepackageversion-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-softwarepackageversion-tag-key): String [Value](#cfn-iot-softwarepackageversion-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Pattern*: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::Thing Use the `AWS::IoT::Thing` resource to declare an AWS IoT thing. For information about working with things, see [How AWS IoT Works](https://docs.aws.amazon.com/iot/latest/developerguide/aws-iot-how-it-works.html) and [Device Registry for AWS IoT](https://docs.aws.amazon.com/iot/latest/developerguide/thing-registry.html) in the *AWS IoT Developer Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::Thing", "Properties" : { "[AttributePayload](#cfn-iot-thing-attributepayload)" : AttributePayload, "[ThingName](#cfn-iot-thing-thingname)" : String } } ``` ### YAML ``` Type: AWS::IoT::Thing Properties: [AttributePayload](#cfn-iot-thing-attributepayload): AttributePayload [ThingName](#cfn-iot-thing-thingname): String ``` ## Properties `AttributePayload` A string that contains up to three key value pairs. Maximum length of 800. Duplicates not allowed. *Required*: No *Type*: [AttributePayload](aws-properties-iot-thing-attributepayload.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ThingName` The name of the thing to update. You can't change a thing's name. To change a thing's name, you must create a new thing, give it the new name, and then delete the old thing. *Required*: No *Type*: String *Pattern*: `[a-zA-Z0-9:_-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the thing name. For example: `{ "Ref": "MyThing" }` For a stack named MyStack, a value similar to the following is returned: `MyStack-MyThing-AB1CDEFGHIJK` For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` The Amazon Resource Name (ARN) of the AWS IoT thing, such as `arn:aws:iot:us-east-2:123456789012:thing/MyThing`. `Id` The Id of this thing. ## Examples ### The following example declares a thing and the values of its attributes. #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "MyThing": { "Type": "AWS::IoT::Thing", "Properties": { "ThingName": { "Ref": "NameParameter" }, "AttributePayload": { "Attributes": { "myAttributeA": { "Ref": "MyAttributeValueA" }, "myAttributeB": { "Ref": "MyAttributeValueB" }, "myAttributeC": { "Ref": "MyAttributeValueC" } } } } } }, "Parameters": { "NameParameter": { "Type": "String" }, "MyAttributeValueA": { "Type": "String", "Default": "myStringA123" }, "MyAttributeValueB": { "Type": "String", "Default": "myStringB123" }, "MyAttributeValueC": { "Type": "String", "Default": "myStringC123" } } } ``` #### YAML ``` AWSTemplateFormatVersion: '2010-09-09' Resources: MyThing: Type: AWS::IoT::Thing Properties: ThingName: Ref: NameParameter AttributePayload: Attributes: myAttributeA: Ref: MyAttributeValueA myAttributeB: Ref: MyAttributeValueB myAttributeC: Ref: MyAttributeValueC Parameters: NameParameter: Type: String MyAttributeValueA: Type: String Default: myStringA123 MyAttributeValueB: Type: String Default: myStringB123 MyAttributeValueC: Type: String Default: myStringC123 ``` # AWS::IoT::Thing AttributePayload The AttributePayload property specifies up to three attributes for an AWS IoT as key-value pairs. AttributePayload is a property of the [AWS::IoT::Thing](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-thing.html) resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Attributes](#cfn-iot-thing-attributepayload-attributes)" : {Key: Value, ...} } ``` ### YAML ``` [Attributes](#cfn-iot-thing-attributepayload-attributes): Key: Value ``` ## Properties `Attributes` A JSON string containing up to three key-value pair in JSON format. For example: `{\"attributes\":{\"string1\":\"string2\"}}` *Required*: No *Type*: Object of String *Pattern*: `[a-zA-Z0-9_.,@/:#-]+` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Examples ### The following example declares an attribute payload with three attributes. #### JSON ``` { "AttributePayload":{ "Attributes":{ "myAttributeA":{ "Ref":"MyAttributeValueA" }, "myAttributeB":{ "Ref":"MyAttributeValueB" }, "myAttributeC":{ "Ref":"MyAttributeValueC" } } } } ``` #### YAML ``` AttributePayload: Attributes: myAttributeA: Ref: MyAttributeValueA myAttributeB: Ref: MyAttributeValueB myAttributeC: Ref: MyAttributeValueC ``` # AWS::IoT::ThingGroup Creates a new thing group. A dynamic thing group is created if the resource template contains the `QueryString` attribute. A dynamic thing group will not contain the `ParentGroupName` attribute. A static thing group and dynamic thing group can't be converted to each other via the addition or removal of the `QueryString` attribute. **Note** This is a control plane operation. See [Authorization](https://docs.aws.amazon.com/iot/latest/developerguide/iot-authorization.html) for information about authorizing control plane actions. Requires permission to access the [CreateThingGroup](https://docs.aws.amazon.com//service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions) action. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::ThingGroup", "Properties" : { "[ParentGroupName](#cfn-iot-thinggroup-parentgroupname)" : String, "[QueryString](#cfn-iot-thinggroup-querystring)" : String, "[Tags](#cfn-iot-thinggroup-tags)" : [ Tag, ... ], "[ThingGroupName](#cfn-iot-thinggroup-thinggroupname)" : String, "[ThingGroupProperties](#cfn-iot-thinggroup-thinggroupproperties)" : ThingGroupProperties } } ``` ### YAML ``` Type: AWS::IoT::ThingGroup Properties: [ParentGroupName](#cfn-iot-thinggroup-parentgroupname): String [QueryString](#cfn-iot-thinggroup-querystring): String [Tags](#cfn-iot-thinggroup-tags): - Tag [ThingGroupName](#cfn-iot-thinggroup-thinggroupname): String [ThingGroupProperties](#cfn-iot-thinggroup-thinggroupproperties): ThingGroupProperties ``` ## Properties `ParentGroupName` The parent thing group name. A Dynamic Thing Group does not have `parentGroupName` defined. *Required*: No *Type*: String *Pattern*: `[a-zA-Z0-9:_-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `QueryString` The dynamic thing group search query string. The `queryString` attribute *is* required for `CreateDynamicThingGroup`. The `queryString` attribute *is not* required for `CreateThingGroup`. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `1000` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Metadata which can be used to manage the thing group or dynamic thing group. *Required*: No *Type*: Array of [Tag](aws-properties-iot-thinggroup-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ThingGroupName` The thing group name. *Required*: No *Type*: String *Pattern*: `[a-zA-Z0-9:_-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `ThingGroupProperties` Thing group properties. *Required*: No *Type*: [ThingGroupProperties](aws-properties-iot-thinggroup-thinggroupproperties.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the thing group id. For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` The thing group ARN. `Id` The thing group ID. # AWS::IoT::ThingGroup AttributePayload The attribute payload. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Attributes](#cfn-iot-thinggroup-attributepayload-attributes)" : {Key: Value, ...} } ``` ### YAML ``` [Attributes](#cfn-iot-thinggroup-attributepayload-attributes): Key: Value ``` ## Properties `Attributes` A JSON string containing up to three key-value pair in JSON format. For example: `{\"attributes\":{\"string1\":\"string2\"}}` *Required*: No *Type*: Object of String *Pattern*: `[a-zA-Z0-9_.,@/:#-]+` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::ThingGroup Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-thinggroup-tag-key)" : String, "[Value](#cfn-iot-thinggroup-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-thinggroup-tag-key): String [Value](#cfn-iot-thinggroup-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Pattern*: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::ThingGroup ThingGroupProperties Thing group properties. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AttributePayload](#cfn-iot-thinggroup-thinggroupproperties-attributepayload)" : AttributePayload, "[ThingGroupDescription](#cfn-iot-thinggroup-thinggroupproperties-thinggroupdescription)" : String } ``` ### YAML ``` [AttributePayload](#cfn-iot-thinggroup-thinggroupproperties-attributepayload): AttributePayload [ThingGroupDescription](#cfn-iot-thinggroup-thinggroupproperties-thinggroupdescription): String ``` ## Properties `AttributePayload` The thing group attributes in JSON format. *Required*: No *Type*: [AttributePayload](aws-properties-iot-thinggroup-attributepayload.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ThingGroupDescription` The thing group description. *Required*: No *Type*: String *Pattern*: `[\p{Graph}\x20]*` *Maximum*: `2028` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::ThingPrincipalAttachment Use the `AWS::IoT::ThingPrincipalAttachment` resource to attach a principal (an X.509 certificate or another credential) to a thing. For more information about working with AWS IoT things and principals, see [Authorization](https://docs.aws.amazon.com/iot/latest/developerguide/authorization.html) in the *AWS IoT Developer Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::ThingPrincipalAttachment", "Properties" : { "[Principal](#cfn-iot-thingprincipalattachment-principal)" : String, "[ThingName](#cfn-iot-thingprincipalattachment-thingname)" : String, "[ThingPrincipalType](#cfn-iot-thingprincipalattachment-thingprincipaltype)" : String } } ``` ### YAML ``` Type: AWS::IoT::ThingPrincipalAttachment Properties: [Principal](#cfn-iot-thingprincipalattachment-principal): String [ThingName](#cfn-iot-thingprincipalattachment-thingname): String [ThingPrincipalType](#cfn-iot-thingprincipalattachment-thingprincipaltype): String ``` ## Properties `Principal` The principal, which can be a certificate ARN (as returned from the `CreateCertificate` operation) or an Amazon Cognito ID. *Required*: Yes *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `ThingName` The name of the AWS IoT thing. *Required*: Yes *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `ThingPrincipalType` Property description not available. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Examples ### The following example attaches a principal to a thing. #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Parameters": { "NameParameter": { "Type": "String", "Description": "Name of the IoT Thing to attach the principal to" } }, "Resources": { "MyThingPrincipalAttachment": { "Type": "AWS::IoT::ThingPrincipalAttachment", "Properties": { "ThingName": { "Ref": "NameParameter" }, "Principal": "arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2" } } } } ``` #### YAML ``` AWSTemplateFormatVersion: '2010-09-09' Resources: MyThingPrincipalAttachment: Type: AWS::IoT::ThingPrincipalAttachment Properties: ThingName: Ref: NameParameter Principal: arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2 Parameters: NameParameter: Type: String ``` # AWS::IoT::ThingType Creates a new thing type. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::ThingType", "Properties" : { "[DeprecateThingType](#cfn-iot-thingtype-deprecatethingtype)" : Boolean, "[Tags](#cfn-iot-thingtype-tags)" : [ Tag, ... ], "[ThingTypeName](#cfn-iot-thingtype-thingtypename)" : String, "[ThingTypeProperties](#cfn-iot-thingtype-thingtypeproperties)" : ThingTypeProperties } } ``` ### YAML ``` Type: AWS::IoT::ThingType Properties: [DeprecateThingType](#cfn-iot-thingtype-deprecatethingtype): Boolean [Tags](#cfn-iot-thingtype-tags): - Tag [ThingTypeName](#cfn-iot-thingtype-thingtypename): String [ThingTypeProperties](#cfn-iot-thingtype-thingtypeproperties): ThingTypeProperties ``` ## Properties `DeprecateThingType` Deprecates a thing type. You can not associate new things with deprecated thing type. Requires permission to access the [DeprecateThingType](https://docs.aws.amazon.com//service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions) action. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Metadata which can be used to manage the thing type. *Required*: No *Type*: Array of [Tag](aws-properties-iot-thingtype-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ThingTypeName` The name of the thing type. *Required*: No *Type*: String *Pattern*: `[a-zA-Z0-9:_-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `ThingTypeProperties` The thing type properties for the thing type to create. It contains information about the new thing type including a description, a list of searchable thing attribute names, and a list of propagating attributes. After a thing type is created, you can only update `Mqtt5Configuration`. *Required*: No *Type*: [ThingTypeProperties](aws-properties-iot-thingtype-thingtypeproperties.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the thing type id. For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` The thing type arn. `Id` The thing type id. # AWS::IoT::ThingType Mqtt5Configuration The configuration to add user-defined properties to enrich MQTT 5 messages. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[PropagatingAttributes](#cfn-iot-thingtype-mqtt5configuration-propagatingattributes)" : [ PropagatingAttribute, ... ] } ``` ### YAML ``` [PropagatingAttributes](#cfn-iot-thingtype-mqtt5configuration-propagatingattributes): - PropagatingAttribute ``` ## Properties `PropagatingAttributes` An object that represents the connection attribute, the thing attribute, and the MQTT 5 user property key. *Required*: No *Type*: Array of [PropagatingAttribute](aws-properties-iot-thingtype-propagatingattribute.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::ThingType PropagatingAttribute An object that represents the connection attribute, the thing attribute, and the MQTT 5 user property key. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ConnectionAttribute](#cfn-iot-thingtype-propagatingattribute-connectionattribute)" : String, "[ThingAttribute](#cfn-iot-thingtype-propagatingattribute-thingattribute)" : String, "[UserPropertyKey](#cfn-iot-thingtype-propagatingattribute-userpropertykey)" : String } ``` ### YAML ``` [ConnectionAttribute](#cfn-iot-thingtype-propagatingattribute-connectionattribute): String [ThingAttribute](#cfn-iot-thingtype-propagatingattribute-thingattribute): String [UserPropertyKey](#cfn-iot-thingtype-propagatingattribute-userpropertykey): String ``` ## Properties `ConnectionAttribute` The attribute associated with the connection details. *Required*: No *Type*: String *Allowed values*: `iot:ClientId | iot:Thing.ThingName` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ThingAttribute` The thing attribute that is propagating for MQTT 5 message enrichment. *Required*: No *Type*: String *Pattern*: `[a-zA-Z0-9_.,@/:#-]+` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `UserPropertyKey` The key of the MQTT 5 user property, which is a key-value pair. *Required*: Yes *Type*: String *Pattern*: `[a-zA-Z0-9:$.]+` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::ThingType Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-thingtype-tag-key)" : String, "[Value](#cfn-iot-thingtype-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-thingtype-tag-key): String [Value](#cfn-iot-thingtype-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Pattern*: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::ThingType ThingTypeProperties The ThingTypeProperties contains information about the thing type including: a thing type description, and a list of searchable thing attribute names. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Mqtt5Configuration](#cfn-iot-thingtype-thingtypeproperties-mqtt5configuration)" : Mqtt5Configuration, "[SearchableAttributes](#cfn-iot-thingtype-thingtypeproperties-searchableattributes)" : [ String, ... ], "[ThingTypeDescription](#cfn-iot-thingtype-thingtypeproperties-thingtypedescription)" : String } ``` ### YAML ``` [Mqtt5Configuration](#cfn-iot-thingtype-thingtypeproperties-mqtt5configuration): Mqtt5Configuration [SearchableAttributes](#cfn-iot-thingtype-thingtypeproperties-searchableattributes): - String [ThingTypeDescription](#cfn-iot-thingtype-thingtypeproperties-thingtypedescription): String ``` ## Properties `Mqtt5Configuration` The configuration to add user-defined properties to enrich MQTT 5 messages. *Required*: No *Type*: [Mqtt5Configuration](aws-properties-iot-thingtype-mqtt5configuration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SearchableAttributes` A list of searchable thing attribute names. *Required*: No *Type*: Array of String *Maximum*: `128 | 3` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ThingTypeDescription` The description of the thing type. *Required*: No *Type*: String *Pattern*: `[\p{Graph}\x20]*` *Maximum*: `2028` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule Use the `AWS::IoT::TopicRule` resource to declare an AWS IoT rule. For information about working with AWS IoT rules, see [Rules for AWS IoT](https://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html) in the *AWS IoT Developer Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::TopicRule", "Properties" : { "[RuleName](#cfn-iot-topicrule-rulename)" : String, "[Tags](#cfn-iot-topicrule-tags)" : [ Tag, ... ], "[TopicRulePayload](#cfn-iot-topicrule-topicrulepayload)" : TopicRulePayload } } ``` ### YAML ``` Type: AWS::IoT::TopicRule Properties: [RuleName](#cfn-iot-topicrule-rulename): String [Tags](#cfn-iot-topicrule-tags): - Tag [TopicRulePayload](#cfn-iot-topicrule-topicrulepayload): TopicRulePayload ``` ## Properties `RuleName` The name of the rule. *Required*: No *Type*: String *Pattern*: `^[a-zA-Z0-9_]+$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Tags` Metadata which can be used to manage the topic rule. For URI Request parameters use format: ...key1=value1&key2=value2... For the CLI command-line parameter use format: --tags "key1=value1&key2=value2..." For the cli-input-json file use format: "tags": "key1=value1&key2=value2..." *Required*: No *Type*: Array of [Tag](aws-properties-iot-topicrule-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TopicRulePayload` The rule payload. *Required*: Yes *Type*: [TopicRulePayload](aws-properties-iot-topicrule-topicrulepayload.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the topic rule name. For example: `{ "Ref": "MyTopicRule" }` For a stack named My-Stack (the - character is omitted), a value similar to the following is returned: `MyStackMyTopicRule12ABC3D456EFG` For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` The Amazon Resource Name (ARN) of the AWS IoT rule, such as `arn:aws:iot:us-east-2:123456789012:rule/MyIoTRule`. ## Examples ### The following example declares an AWS IoT rule. #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "MyTopicRule": { "Type": "AWS::IoT::TopicRule", "Properties": { "RuleName": { "Ref": "NameParameter" }, "TopicRulePayload": { "RuleDisabled": "true", "Sql": "SELECT temp FROM 'SomeTopic' WHERE temp > 60", "Actions": [ { "S3": { "BucketName": { "Ref": "amzn-s3-demo-bucket" }, "RoleArn": { "Fn::GetAtt": [ "MyRole", "Arn" ] }, "Key": "MyKey.txt" } } ] } } } } } ``` #### YAML ``` AWSTemplateFormatVersion: '2010-09-09' Resources: MyTopicRule: Type: AWS::IoT::TopicRule Properties: RuleName: Ref: NameParameter TopicRulePayload: RuleDisabled: 'true' Sql: "SELECT temp FROM 'SomeTopic' WHERE temp > 60" Actions: - S3: BucketName: Ref: amzn-s3-demo-bucket RoleArn: Fn::GetAtt: - MyRole - Arn Key: MyKey.txt ``` # AWS::IoT::TopicRule Action Describes the actions associated with a rule. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[CloudwatchAlarm](#cfn-iot-topicrule-action-cloudwatchalarm)" : CloudwatchAlarmAction, "[CloudwatchLogs](#cfn-iot-topicrule-action-cloudwatchlogs)" : CloudwatchLogsAction, "[CloudwatchMetric](#cfn-iot-topicrule-action-cloudwatchmetric)" : CloudwatchMetricAction, "[DynamoDB](#cfn-iot-topicrule-action-dynamodb)" : DynamoDBAction, "[DynamoDBv2](#cfn-iot-topicrule-action-dynamodbv2)" : DynamoDBv2Action, "[Elasticsearch](#cfn-iot-topicrule-action-elasticsearch)" : ElasticsearchAction, "[Firehose](#cfn-iot-topicrule-action-firehose)" : FirehoseAction, "[Http](#cfn-iot-topicrule-action-http)" : HttpAction, "[IotAnalytics](#cfn-iot-topicrule-action-iotanalytics)" : IotAnalyticsAction, "[IotEvents](#cfn-iot-topicrule-action-iotevents)" : IotEventsAction, "[IotSiteWise](#cfn-iot-topicrule-action-iotsitewise)" : IotSiteWiseAction, "[Kafka](#cfn-iot-topicrule-action-kafka)" : KafkaAction, "[Kinesis](#cfn-iot-topicrule-action-kinesis)" : KinesisAction, "[Lambda](#cfn-iot-topicrule-action-lambda)" : LambdaAction, "[Location](#cfn-iot-topicrule-action-location)" : LocationAction, "[OpenSearch](#cfn-iot-topicrule-action-opensearch)" : OpenSearchAction, "[Republish](#cfn-iot-topicrule-action-republish)" : RepublishAction, "[S3](#cfn-iot-topicrule-action-s3)" : S3Action, "[Sns](#cfn-iot-topicrule-action-sns)" : SnsAction, "[Sqs](#cfn-iot-topicrule-action-sqs)" : SqsAction, "[StepFunctions](#cfn-iot-topicrule-action-stepfunctions)" : StepFunctionsAction, "[Timestream](#cfn-iot-topicrule-action-timestream)" : TimestreamAction } ``` ### YAML ``` [CloudwatchAlarm](#cfn-iot-topicrule-action-cloudwatchalarm): CloudwatchAlarmAction [CloudwatchLogs](#cfn-iot-topicrule-action-cloudwatchlogs): CloudwatchLogsAction [CloudwatchMetric](#cfn-iot-topicrule-action-cloudwatchmetric): CloudwatchMetricAction [DynamoDB](#cfn-iot-topicrule-action-dynamodb): DynamoDBAction [DynamoDBv2](#cfn-iot-topicrule-action-dynamodbv2): DynamoDBv2Action [Elasticsearch](#cfn-iot-topicrule-action-elasticsearch): ElasticsearchAction [Firehose](#cfn-iot-topicrule-action-firehose): FirehoseAction [Http](#cfn-iot-topicrule-action-http): HttpAction [IotAnalytics](#cfn-iot-topicrule-action-iotanalytics): IotAnalyticsAction [IotEvents](#cfn-iot-topicrule-action-iotevents): IotEventsAction [IotSiteWise](#cfn-iot-topicrule-action-iotsitewise): IotSiteWiseAction [Kafka](#cfn-iot-topicrule-action-kafka): KafkaAction [Kinesis](#cfn-iot-topicrule-action-kinesis): KinesisAction [Lambda](#cfn-iot-topicrule-action-lambda): LambdaAction [Location](#cfn-iot-topicrule-action-location): LocationAction [OpenSearch](#cfn-iot-topicrule-action-opensearch): OpenSearchAction [Republish](#cfn-iot-topicrule-action-republish): RepublishAction [S3](#cfn-iot-topicrule-action-s3): S3Action [Sns](#cfn-iot-topicrule-action-sns): SnsAction [Sqs](#cfn-iot-topicrule-action-sqs): SqsAction [StepFunctions](#cfn-iot-topicrule-action-stepfunctions): StepFunctionsAction [Timestream](#cfn-iot-topicrule-action-timestream): TimestreamAction ``` ## Properties `CloudwatchAlarm` Change the state of a CloudWatch alarm. *Required*: No *Type*: [CloudwatchAlarmAction](aws-properties-iot-topicrule-cloudwatchalarmaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CloudwatchLogs` Sends data to CloudWatch. *Required*: No *Type*: [CloudwatchLogsAction](aws-properties-iot-topicrule-cloudwatchlogsaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CloudwatchMetric` Capture a CloudWatch metric. *Required*: No *Type*: [CloudwatchMetricAction](aws-properties-iot-topicrule-cloudwatchmetricaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DynamoDB` Write to a DynamoDB table. *Required*: No *Type*: [DynamoDBAction](aws-properties-iot-topicrule-dynamodbaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DynamoDBv2` Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column. *Required*: No *Type*: [DynamoDBv2Action](aws-properties-iot-topicrule-dynamodbv2action.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Elasticsearch` Write data to an Amazon OpenSearch Service domain. The `Elasticsearch` action can only be used by existing rule actions. To create a new rule action or to update an existing rule action, use the `OpenSearch` rule action instead. For more information, see [OpenSearchAction](https://docs.aws.amazon.com//iot/latest/apireference/API_OpenSearchAction.html). *Required*: No *Type*: [ElasticsearchAction](aws-properties-iot-topicrule-elasticsearchaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Firehose` Write to an Amazon Kinesis Firehose stream. *Required*: No *Type*: [FirehoseAction](aws-properties-iot-topicrule-firehoseaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Http` Send data to an HTTPS endpoint. *Required*: No *Type*: [HttpAction](aws-properties-iot-topicrule-httpaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IotAnalytics` Sends message data to an AWS IoT Analytics channel. *Required*: No *Type*: [IotAnalyticsAction](aws-properties-iot-topicrule-iotanalyticsaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IotEvents` Sends an input to an AWS IoT Events detector. *Required*: No *Type*: [IotEventsAction](aws-properties-iot-topicrule-ioteventsaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IotSiteWise` Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties. *Required*: No *Type*: [IotSiteWiseAction](aws-properties-iot-topicrule-iotsitewiseaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Kafka` Send messages to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) or self-managed Apache Kafka cluster. *Required*: No *Type*: [KafkaAction](aws-properties-iot-topicrule-kafkaaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Kinesis` Write data to an Amazon Kinesis stream. *Required*: No *Type*: [KinesisAction](aws-properties-iot-topicrule-kinesisaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Lambda` Invoke a Lambda function. *Required*: No *Type*: [LambdaAction](aws-properties-iot-topicrule-lambdaaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Location` Sends device location data to [Amazon Location Service](https://docs.aws.amazon.com//location/latest/developerguide/welcome.html). *Required*: No *Type*: [LocationAction](aws-properties-iot-topicrule-locationaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `OpenSearch` Write data to an Amazon OpenSearch Service domain. *Required*: No *Type*: [OpenSearchAction](aws-properties-iot-topicrule-opensearchaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Republish` Publish to another MQTT topic. *Required*: No *Type*: [RepublishAction](aws-properties-iot-topicrule-republishaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `S3` Write to an Amazon S3 bucket. *Required*: No *Type*: [S3Action](aws-properties-iot-topicrule-s3action.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Sns` Publish to an Amazon SNS topic. *Required*: No *Type*: [SnsAction](aws-properties-iot-topicrule-snsaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Sqs` Publish to an Amazon SQS queue. *Required*: No *Type*: [SqsAction](aws-properties-iot-topicrule-sqsaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `StepFunctions` Starts execution of a Step Functions state machine. *Required*: No *Type*: [StepFunctionsAction](aws-properties-iot-topicrule-stepfunctionsaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Timestream` Writes attributes from an MQTT message. *Required*: No *Type*: [TimestreamAction](aws-properties-iot-topicrule-timestreamaction.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule AssetPropertyTimestamp An asset property timestamp entry containing the following information. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[OffsetInNanos](#cfn-iot-topicrule-assetpropertytimestamp-offsetinnanos)" : String, "[TimeInSeconds](#cfn-iot-topicrule-assetpropertytimestamp-timeinseconds)" : String } ``` ### YAML ``` [OffsetInNanos](#cfn-iot-topicrule-assetpropertytimestamp-offsetinnanos): String [TimeInSeconds](#cfn-iot-topicrule-assetpropertytimestamp-timeinseconds): String ``` ## Properties `OffsetInNanos` Optional. A string that contains the nanosecond time offset. Accepts substitution templates. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TimeInSeconds` A string that contains the time in seconds since epoch. Accepts substitution templates. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule AssetPropertyValue An asset property value entry containing the following information. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Quality](#cfn-iot-topicrule-assetpropertyvalue-quality)" : String, "[Timestamp](#cfn-iot-topicrule-assetpropertyvalue-timestamp)" : AssetPropertyTimestamp, "[Value](#cfn-iot-topicrule-assetpropertyvalue-value)" : AssetPropertyVariant } ``` ### YAML ``` [Quality](#cfn-iot-topicrule-assetpropertyvalue-quality): String [Timestamp](#cfn-iot-topicrule-assetpropertyvalue-timestamp): AssetPropertyTimestamp [Value](#cfn-iot-topicrule-assetpropertyvalue-value): AssetPropertyVariant ``` ## Properties `Quality` Optional. A string that describes the quality of the value. Accepts substitution templates. Must be `GOOD`, `BAD`, or `UNCERTAIN`. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Timestamp` The asset property value timestamp. *Required*: Yes *Type*: [AssetPropertyTimestamp](aws-properties-iot-topicrule-assetpropertytimestamp.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The value of the asset property. *Required*: Yes *Type*: [AssetPropertyVariant](aws-properties-iot-topicrule-assetpropertyvariant.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule AssetPropertyVariant Contains an asset property value (of a single type). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[BooleanValue](#cfn-iot-topicrule-assetpropertyvariant-booleanvalue)" : String, "[DoubleValue](#cfn-iot-topicrule-assetpropertyvariant-doublevalue)" : String, "[IntegerValue](#cfn-iot-topicrule-assetpropertyvariant-integervalue)" : String, "[StringValue](#cfn-iot-topicrule-assetpropertyvariant-stringvalue)" : String } ``` ### YAML ``` [BooleanValue](#cfn-iot-topicrule-assetpropertyvariant-booleanvalue): String [DoubleValue](#cfn-iot-topicrule-assetpropertyvariant-doublevalue): String [IntegerValue](#cfn-iot-topicrule-assetpropertyvariant-integervalue): String [StringValue](#cfn-iot-topicrule-assetpropertyvariant-stringvalue): String ``` ## Properties `BooleanValue` Optional. A string that contains the boolean value (`true` or `false`) of the value entry. Accepts substitution templates. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DoubleValue` Optional. A string that contains the double value of the value entry. Accepts substitution templates. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IntegerValue` Optional. A string that contains the integer value of the value entry. Accepts substitution templates. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `StringValue` Optional. The string value of the value entry. Accepts substitution templates. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule BatchConfig The `BatchConfig` property type specifies Property description not available. for an [AWS::IoT::TopicRule](aws-resource-iot-topicrule.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[MaxBatchOpenMs](#cfn-iot-topicrule-batchconfig-maxbatchopenms)" : Integer, "[MaxBatchSize](#cfn-iot-topicrule-batchconfig-maxbatchsize)" : Integer, "[MaxBatchSizeBytes](#cfn-iot-topicrule-batchconfig-maxbatchsizebytes)" : Integer } ``` ### YAML ``` [MaxBatchOpenMs](#cfn-iot-topicrule-batchconfig-maxbatchopenms): Integer [MaxBatchSize](#cfn-iot-topicrule-batchconfig-maxbatchsize): Integer [MaxBatchSizeBytes](#cfn-iot-topicrule-batchconfig-maxbatchsizebytes): Integer ``` ## Properties `MaxBatchOpenMs` Property description not available. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MaxBatchSize` Property description not available. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MaxBatchSizeBytes` Property description not available. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule CloudwatchAlarmAction Describes an action that updates a CloudWatch alarm. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AlarmName](#cfn-iot-topicrule-cloudwatchalarmaction-alarmname)" : String, "[RoleArn](#cfn-iot-topicrule-cloudwatchalarmaction-rolearn)" : String, "[StateReason](#cfn-iot-topicrule-cloudwatchalarmaction-statereason)" : String, "[StateValue](#cfn-iot-topicrule-cloudwatchalarmaction-statevalue)" : String } ``` ### YAML ``` [AlarmName](#cfn-iot-topicrule-cloudwatchalarmaction-alarmname): String [RoleArn](#cfn-iot-topicrule-cloudwatchalarmaction-rolearn): String [StateReason](#cfn-iot-topicrule-cloudwatchalarmaction-statereason): String [StateValue](#cfn-iot-topicrule-cloudwatchalarmaction-statevalue): String ``` ## Properties `AlarmName` The CloudWatch alarm name. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The IAM role that allows access to the CloudWatch alarm. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `StateReason` The reason for the alarm change. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `StateValue` The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT\$1DATA. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule CloudwatchLogsAction Describes an action that updates a CloudWatch log. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[BatchMode](#cfn-iot-topicrule-cloudwatchlogsaction-batchmode)" : Boolean, "[LogGroupName](#cfn-iot-topicrule-cloudwatchlogsaction-loggroupname)" : String, "[RoleArn](#cfn-iot-topicrule-cloudwatchlogsaction-rolearn)" : String } ``` ### YAML ``` [BatchMode](#cfn-iot-topicrule-cloudwatchlogsaction-batchmode): Boolean [LogGroupName](#cfn-iot-topicrule-cloudwatchlogsaction-loggroupname): String [RoleArn](#cfn-iot-topicrule-cloudwatchlogsaction-rolearn): String ``` ## Properties `BatchMode` Indicates whether batches of log records will be extracted and uploaded into CloudWatch. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `LogGroupName` The CloudWatch log name. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The IAM role that allows access to the CloudWatch log. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule CloudwatchMetricAction Describes an action that captures a CloudWatch metric. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[MetricName](#cfn-iot-topicrule-cloudwatchmetricaction-metricname)" : String, "[MetricNamespace](#cfn-iot-topicrule-cloudwatchmetricaction-metricnamespace)" : String, "[MetricTimestamp](#cfn-iot-topicrule-cloudwatchmetricaction-metrictimestamp)" : String, "[MetricUnit](#cfn-iot-topicrule-cloudwatchmetricaction-metricunit)" : String, "[MetricValue](#cfn-iot-topicrule-cloudwatchmetricaction-metricvalue)" : String, "[RoleArn](#cfn-iot-topicrule-cloudwatchmetricaction-rolearn)" : String } ``` ### YAML ``` [MetricName](#cfn-iot-topicrule-cloudwatchmetricaction-metricname): String [MetricNamespace](#cfn-iot-topicrule-cloudwatchmetricaction-metricnamespace): String [MetricTimestamp](#cfn-iot-topicrule-cloudwatchmetricaction-metrictimestamp): String [MetricUnit](#cfn-iot-topicrule-cloudwatchmetricaction-metricunit): String [MetricValue](#cfn-iot-topicrule-cloudwatchmetricaction-metricvalue): String [RoleArn](#cfn-iot-topicrule-cloudwatchmetricaction-rolearn): String ``` ## Properties `MetricName` The CloudWatch metric name. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MetricNamespace` The CloudWatch metric namespace name. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MetricTimestamp` An optional [Unix timestamp](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#about_timestamp). *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MetricUnit` The [metric unit](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#Unit) supported by CloudWatch. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MetricValue` The CloudWatch metric value. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The IAM role that allows access to the CloudWatch metric. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule DynamoDBAction Describes an action to write to a DynamoDB table. The `tableName`, `hashKeyField`, and `rangeKeyField` values must match the values used when you created the table. The `hashKeyValue` and `rangeKeyvalue` fields use a substitution template syntax. These templates provide data at runtime. The syntax is as follows: \$1\$1*sql-expression*\$1. You can specify any valid expression in a WHERE or SELECT clause, including JSON properties, comparisons, calculations, and functions. For example, the following field uses the third level of the topic: `"hashKeyValue": "${topic(3)}"` The following field uses the timestamp: `"rangeKeyValue": "${timestamp()}"` For more information, see [DynamoDBv2 Action](https://docs.aws.amazon.com/iot/latest/developerguide/iot-rule-actions.html) in the *AWS IoT Developer Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[HashKeyField](#cfn-iot-topicrule-dynamodbaction-hashkeyfield)" : String, "[HashKeyType](#cfn-iot-topicrule-dynamodbaction-hashkeytype)" : String, "[HashKeyValue](#cfn-iot-topicrule-dynamodbaction-hashkeyvalue)" : String, "[PayloadField](#cfn-iot-topicrule-dynamodbaction-payloadfield)" : String, "[RangeKeyField](#cfn-iot-topicrule-dynamodbaction-rangekeyfield)" : String, "[RangeKeyType](#cfn-iot-topicrule-dynamodbaction-rangekeytype)" : String, "[RangeKeyValue](#cfn-iot-topicrule-dynamodbaction-rangekeyvalue)" : String, "[RoleArn](#cfn-iot-topicrule-dynamodbaction-rolearn)" : String, "[TableName](#cfn-iot-topicrule-dynamodbaction-tablename)" : String } ``` ### YAML ``` [HashKeyField](#cfn-iot-topicrule-dynamodbaction-hashkeyfield): String [HashKeyType](#cfn-iot-topicrule-dynamodbaction-hashkeytype): String [HashKeyValue](#cfn-iot-topicrule-dynamodbaction-hashkeyvalue): String [PayloadField](#cfn-iot-topicrule-dynamodbaction-payloadfield): String [RangeKeyField](#cfn-iot-topicrule-dynamodbaction-rangekeyfield): String [RangeKeyType](#cfn-iot-topicrule-dynamodbaction-rangekeytype): String [RangeKeyValue](#cfn-iot-topicrule-dynamodbaction-rangekeyvalue): String [RoleArn](#cfn-iot-topicrule-dynamodbaction-rolearn): String [TableName](#cfn-iot-topicrule-dynamodbaction-tablename): String ``` ## Properties `HashKeyField` The hash key name. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `HashKeyType` The hash key type. Valid values are "STRING" or "NUMBER" *Required*: No *Type*: String *Allowed values*: `STRING | NUMBER` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `HashKeyValue` The hash key value. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PayloadField` The action payload. This name can be customized. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RangeKeyField` The range key name. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RangeKeyType` The range key type. Valid values are "STRING" or "NUMBER" *Required*: No *Type*: String *Allowed values*: `STRING | NUMBER` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RangeKeyValue` The range key value. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The ARN of the IAM role that grants access to the DynamoDB table. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TableName` The name of the DynamoDB table. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule DynamoDBv2Action Describes an action to write to a DynamoDB table. This DynamoDB action writes each attribute in the message payload into it's own column in the DynamoDB table. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[PutItem](#cfn-iot-topicrule-dynamodbv2action-putitem)" : PutItemInput, "[RoleArn](#cfn-iot-topicrule-dynamodbv2action-rolearn)" : String } ``` ### YAML ``` [PutItem](#cfn-iot-topicrule-dynamodbv2action-putitem): PutItemInput [RoleArn](#cfn-iot-topicrule-dynamodbv2action-rolearn): String ``` ## Properties `PutItem` Specifies the DynamoDB table to which the message data will be written. For example: `{ "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role" "putItem": { "tableName": "my-table" } } }` Each attribute in the message payload will be written to a separate column in the DynamoDB database. *Required*: No *Type*: [PutItemInput](aws-properties-iot-topicrule-putiteminput.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The ARN of the IAM role that grants access to the DynamoDB table. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## See also + [AWS SDK for C\$1\$1](https://sdk.amazonaws.com/cpp/api/LATEST/class_aws_1_1_io_t_1_1_model_1_1_dynamo_d_bv2_action.html). + [AWS SDK for Go](https://docs.aws.amazon.com/sdk-for-go/api/service/iot/#DynamoDBv2Action). + [AWS SDK for Java](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/iot/model/DynamoDBv2Action.html). + [AWS SDK for Ruby V2](https://docs.aws.amazon.com/sdkforruby/api/Aws/IoT/Types/DynamoDBv2Action.html). # AWS::IoT::TopicRule ElasticsearchAction Describes an action that writes data to an Amazon OpenSearch Service domain. **Note** The `Elasticsearch` action can only be used by existing rule actions. To create a new rule action or to update an existing rule action, use the `OpenSearch` rule action instead. For more information, see [OpenSearchAction](https://docs.aws.amazon.com//iot/latest/apireference/API_OpenSearchAction.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Endpoint](#cfn-iot-topicrule-elasticsearchaction-endpoint)" : String, "[Id](#cfn-iot-topicrule-elasticsearchaction-id)" : String, "[Index](#cfn-iot-topicrule-elasticsearchaction-index)" : String, "[RoleArn](#cfn-iot-topicrule-elasticsearchaction-rolearn)" : String, "[Type](#cfn-iot-topicrule-elasticsearchaction-type)" : String } ``` ### YAML ``` [Endpoint](#cfn-iot-topicrule-elasticsearchaction-endpoint): String [Id](#cfn-iot-topicrule-elasticsearchaction-id): String [Index](#cfn-iot-topicrule-elasticsearchaction-index): String [RoleArn](#cfn-iot-topicrule-elasticsearchaction-rolearn): String [Type](#cfn-iot-topicrule-elasticsearchaction-type): String ``` ## Properties `Endpoint` The endpoint of your OpenSearch domain. *Required*: Yes *Type*: String *Pattern*: `https?://.*` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Id` The unique identifier for the document you are storing. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Index` The index where you want to store your data. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The IAM role ARN that has access to OpenSearch. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Type` The type of document you are storing. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule FirehoseAction Describes an action that writes data to an Amazon Kinesis Firehose stream. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[BatchMode](#cfn-iot-topicrule-firehoseaction-batchmode)" : Boolean, "[DeliveryStreamName](#cfn-iot-topicrule-firehoseaction-deliverystreamname)" : String, "[RoleArn](#cfn-iot-topicrule-firehoseaction-rolearn)" : String, "[Separator](#cfn-iot-topicrule-firehoseaction-separator)" : String } ``` ### YAML ``` [BatchMode](#cfn-iot-topicrule-firehoseaction-batchmode): Boolean [DeliveryStreamName](#cfn-iot-topicrule-firehoseaction-deliverystreamname): String [RoleArn](#cfn-iot-topicrule-firehoseaction-rolearn): String [Separator](#cfn-iot-topicrule-firehoseaction-separator): String ``` ## Properties `BatchMode` Whether to deliver the Kinesis Data Firehose stream as a batch by using [https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html](https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html). The default value is `false`. When `batchMode` is `true` and the rule's SQL statement evaluates to an Array, each Array element forms one record in the [https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html](https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html) request. The resulting array can't have more than 500 records. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DeliveryStreamName` The delivery stream name. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The IAM role that grants access to the Amazon Kinesis Firehose stream. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Separator` A character separator that will be used to separate records written to the Firehose stream. Valid values are: '\$1n' (newline), '\$1t' (tab), '\$1r\$1n' (Windows newline), ',' (comma). *Required*: No *Type*: String *Pattern*: `([\n\t])|(\r\n)|(,)` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule HttpAction Send data to an HTTPS endpoint. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Auth](#cfn-iot-topicrule-httpaction-auth)" : HttpAuthorization, "[BatchConfig](#cfn-iot-topicrule-httpaction-batchconfig)" : BatchConfig, "[ConfirmationUrl](#cfn-iot-topicrule-httpaction-confirmationurl)" : String, "[EnableBatching](#cfn-iot-topicrule-httpaction-enablebatching)" : Boolean, "[Headers](#cfn-iot-topicrule-httpaction-headers)" : [ HttpActionHeader, ... ], "[Url](#cfn-iot-topicrule-httpaction-url)" : String } ``` ### YAML ``` [Auth](#cfn-iot-topicrule-httpaction-auth): HttpAuthorization [BatchConfig](#cfn-iot-topicrule-httpaction-batchconfig): BatchConfig [ConfirmationUrl](#cfn-iot-topicrule-httpaction-confirmationurl): String [EnableBatching](#cfn-iot-topicrule-httpaction-enablebatching): Boolean [Headers](#cfn-iot-topicrule-httpaction-headers): - HttpActionHeader [Url](#cfn-iot-topicrule-httpaction-url): String ``` ## Properties `Auth` The authentication method to use when sending data to an HTTPS endpoint. *Required*: No *Type*: [HttpAuthorization](aws-properties-iot-topicrule-httpauthorization.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `BatchConfig` Property description not available. *Required*: No *Type*: [BatchConfig](aws-properties-iot-topicrule-batchconfig.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ConfirmationUrl` The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EnableBatching` Property description not available. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Headers` The HTTP headers to send with the message data. *Required*: No *Type*: Array of [HttpActionHeader](aws-properties-iot-topicrule-httpactionheader.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Url` The endpoint URL. If substitution templates are used in the URL, you must also specify a `confirmationUrl`. If this is a new destination, a new `TopicRuleDestination` is created if possible. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule HttpActionHeader The HTTP action header. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-topicrule-httpactionheader-key)" : String, "[Value](#cfn-iot-topicrule-httpactionheader-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-topicrule-httpactionheader-key): String [Value](#cfn-iot-topicrule-httpactionheader-value): String ``` ## Properties `Key` The HTTP header key. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The HTTP header value. Substitution templates are supported. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule HttpAuthorization The authorization method used to send messages. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Sigv4](#cfn-iot-topicrule-httpauthorization-sigv4)" : SigV4Authorization } ``` ### YAML ``` [Sigv4](#cfn-iot-topicrule-httpauthorization-sigv4): SigV4Authorization ``` ## Properties `Sigv4` Use Sig V4 authorization. For more information, see [Signature Version 4 Signing Process](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). *Required*: No *Type*: [SigV4Authorization](aws-properties-iot-topicrule-sigv4authorization.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule IotAnalyticsAction Sends message data to an AWS IoT Analytics channel. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[BatchMode](#cfn-iot-topicrule-iotanalyticsaction-batchmode)" : Boolean, "[ChannelName](#cfn-iot-topicrule-iotanalyticsaction-channelname)" : String, "[RoleArn](#cfn-iot-topicrule-iotanalyticsaction-rolearn)" : String } ``` ### YAML ``` [BatchMode](#cfn-iot-topicrule-iotanalyticsaction-batchmode): Boolean [ChannelName](#cfn-iot-topicrule-iotanalyticsaction-channelname): String [RoleArn](#cfn-iot-topicrule-iotanalyticsaction-rolearn): String ``` ## Properties `BatchMode` Whether to process the action as a batch. The default value is `false`. When `batchMode` is `true` and the rule SQL statement evaluates to an Array, each Array element is delivered as a separate message when passed by [https://docs.aws.amazon.com/iotanalytics/latest/APIReference/API_BatchPutMessage.html](https://docs.aws.amazon.com/iotanalytics/latest/APIReference/API_BatchPutMessage.html) The resulting array can't have more than 100 messages. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ChannelName` The name of the IoT Analytics channel to which message data will be sent. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage). *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## See also + [IotAnalyticsAction](https://docs.aws.amazon.com/iot/latest/apireference/API_IotAnalyticsAction.html) in the *AWS IoT API Reference*. # AWS::IoT::TopicRule IotEventsAction Sends an input to an AWS IoT Events detector. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[BatchMode](#cfn-iot-topicrule-ioteventsaction-batchmode)" : Boolean, "[InputName](#cfn-iot-topicrule-ioteventsaction-inputname)" : String, "[MessageId](#cfn-iot-topicrule-ioteventsaction-messageid)" : String, "[RoleArn](#cfn-iot-topicrule-ioteventsaction-rolearn)" : String } ``` ### YAML ``` [BatchMode](#cfn-iot-topicrule-ioteventsaction-batchmode): Boolean [InputName](#cfn-iot-topicrule-ioteventsaction-inputname): String [MessageId](#cfn-iot-topicrule-ioteventsaction-messageid): String [RoleArn](#cfn-iot-topicrule-ioteventsaction-rolearn): String ``` ## Properties `BatchMode` Whether to process the event actions as a batch. The default value is `false`. When `batchMode` is `true`, you can't specify a `messageId`. When `batchMode` is `true` and the rule SQL statement evaluates to an Array, each Array element is treated as a separate message when Events by calling [https://docs.aws.amazon.com/iotevents/latest/apireference/API_iotevents-data_BatchPutMessage.html](https://docs.aws.amazon.com/iotevents/latest/apireference/API_iotevents-data_BatchPutMessage.html). The resulting array can't have more than 10 messages. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `InputName` The name of the AWS IoT Events input. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MessageId` The ID of the message. The default `messageId` is a new UUID value. When `batchMode` is `true`, you can't specify a `messageId`--a new UUID value will be assigned. Assign a value to this property to ensure that only one input (message) with a given `messageId` will be processed by an AWS IoT Events detector. *Required*: No *Type*: String *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector. ("Action":"iotevents:BatchPutMessage"). *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule IotSiteWiseAction Describes an action to send data from an MQTT message that triggered the rule to AWS IoT SiteWise asset properties. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[PutAssetPropertyValueEntries](#cfn-iot-topicrule-iotsitewiseaction-putassetpropertyvalueentries)" : [ PutAssetPropertyValueEntry, ... ], "[RoleArn](#cfn-iot-topicrule-iotsitewiseaction-rolearn)" : String } ``` ### YAML ``` [PutAssetPropertyValueEntries](#cfn-iot-topicrule-iotsitewiseaction-putassetpropertyvalueentries): - PutAssetPropertyValueEntry [RoleArn](#cfn-iot-topicrule-iotsitewiseaction-rolearn): String ``` ## Properties `PutAssetPropertyValueEntries` A list of asset property value entries. *Required*: Yes *Type*: Array of [PutAssetPropertyValueEntry](aws-properties-iot-topicrule-putassetpropertyvalueentry.md) *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoT SiteWise. (`"Action": "iotsitewise:BatchPutAssetPropertyValue"`). The trust policy can restrict access to specific asset hierarchy paths. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule KafkaAction Send messages to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) or self-managed Apache Kafka cluster. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ClientProperties](#cfn-iot-topicrule-kafkaaction-clientproperties)" : {Key: Value, ...}, "[DestinationArn](#cfn-iot-topicrule-kafkaaction-destinationarn)" : String, "[Headers](#cfn-iot-topicrule-kafkaaction-headers)" : [ KafkaActionHeader, ... ], "[Key](#cfn-iot-topicrule-kafkaaction-key)" : String, "[Partition](#cfn-iot-topicrule-kafkaaction-partition)" : String, "[Topic](#cfn-iot-topicrule-kafkaaction-topic)" : String } ``` ### YAML ``` [ClientProperties](#cfn-iot-topicrule-kafkaaction-clientproperties): Key: Value [DestinationArn](#cfn-iot-topicrule-kafkaaction-destinationarn): String [Headers](#cfn-iot-topicrule-kafkaaction-headers): - KafkaActionHeader [Key](#cfn-iot-topicrule-kafkaaction-key): String [Partition](#cfn-iot-topicrule-kafkaaction-partition): String [Topic](#cfn-iot-topicrule-kafkaaction-topic): String ``` ## Properties `ClientProperties` Properties of the Apache Kafka producer client. *Required*: Yes *Type*: Object of String *Pattern*: `.*` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DestinationArn` The ARN of Kafka action's VPC `TopicRuleDestination`. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Headers` The list of Kafka headers that you specify. *Required*: No *Type*: Array of [KafkaActionHeader](aws-properties-iot-topicrule-kafkaactionheader.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Key` The Kafka message key. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Partition` The Kafka message partition. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Topic` The Kafka topic for messages to be sent to the Kafka broker. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule KafkaActionHeader Specifies a Kafka header using key-value pairs when you create a Rule’s Kafka Action. You can use these headers to route data from IoT clients to downstream Kafka clusters without modifying your message payload. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-topicrule-kafkaactionheader-key)" : String, "[Value](#cfn-iot-topicrule-kafkaactionheader-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-topicrule-kafkaactionheader-key): String [Value](#cfn-iot-topicrule-kafkaactionheader-value): String ``` ## Properties `Key` The key of the Kafka header. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The value of the Kafka header. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule KinesisAction Describes an action to write data to an Amazon Kinesis stream. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[PartitionKey](#cfn-iot-topicrule-kinesisaction-partitionkey)" : String, "[RoleArn](#cfn-iot-topicrule-kinesisaction-rolearn)" : String, "[StreamName](#cfn-iot-topicrule-kinesisaction-streamname)" : String } ``` ### YAML ``` [PartitionKey](#cfn-iot-topicrule-kinesisaction-partitionkey): String [RoleArn](#cfn-iot-topicrule-kinesisaction-rolearn): String [StreamName](#cfn-iot-topicrule-kinesisaction-streamname): String ``` ## Properties `PartitionKey` The partition key. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The ARN of the IAM role that grants access to the Amazon Kinesis stream. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `StreamName` The name of the Amazon Kinesis stream. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule LambdaAction Describes an action to invoke a Lambda function. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[FunctionArn](#cfn-iot-topicrule-lambdaaction-functionarn)" : String } ``` ### YAML ``` [FunctionArn](#cfn-iot-topicrule-lambdaaction-functionarn): String ``` ## Properties `FunctionArn` The ARN of the Lambda function. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule LocationAction Describes an action to send device location updates from an MQTT message to an Amazon Location tracker resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[DeviceId](#cfn-iot-topicrule-locationaction-deviceid)" : String, "[Latitude](#cfn-iot-topicrule-locationaction-latitude)" : String, "[Longitude](#cfn-iot-topicrule-locationaction-longitude)" : String, "[RoleArn](#cfn-iot-topicrule-locationaction-rolearn)" : String, "[Timestamp](#cfn-iot-topicrule-locationaction-timestamp)" : Timestamp, "[TrackerName](#cfn-iot-topicrule-locationaction-trackername)" : String } ``` ### YAML ``` [DeviceId](#cfn-iot-topicrule-locationaction-deviceid): String [Latitude](#cfn-iot-topicrule-locationaction-latitude): String [Longitude](#cfn-iot-topicrule-locationaction-longitude): String [RoleArn](#cfn-iot-topicrule-locationaction-rolearn): String [Timestamp](#cfn-iot-topicrule-locationaction-timestamp): Timestamp [TrackerName](#cfn-iot-topicrule-locationaction-trackername): String ``` ## Properties `DeviceId` The unique ID of the device providing the location data. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Latitude` A string that evaluates to a double value that represents the latitude of the device's location. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Longitude` A string that evaluates to a double value that represents the longitude of the device's location. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The IAM role that grants permission to write to the Amazon Location resource. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Timestamp` The time that the location data was sampled. The default value is the time the MQTT message was processed. *Required*: No *Type*: [Timestamp](aws-properties-iot-topicrule-timestamp.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TrackerName` The name of the tracker resource in Amazon Location in which the location is updated. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule OpenSearchAction Describes an action that writes data to an Amazon OpenSearch Service domain. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Endpoint](#cfn-iot-topicrule-opensearchaction-endpoint)" : String, "[Id](#cfn-iot-topicrule-opensearchaction-id)" : String, "[Index](#cfn-iot-topicrule-opensearchaction-index)" : String, "[RoleArn](#cfn-iot-topicrule-opensearchaction-rolearn)" : String, "[Type](#cfn-iot-topicrule-opensearchaction-type)" : String } ``` ### YAML ``` [Endpoint](#cfn-iot-topicrule-opensearchaction-endpoint): String [Id](#cfn-iot-topicrule-opensearchaction-id): String [Index](#cfn-iot-topicrule-opensearchaction-index): String [RoleArn](#cfn-iot-topicrule-opensearchaction-rolearn): String [Type](#cfn-iot-topicrule-opensearchaction-type): String ``` ## Properties `Endpoint` The endpoint of your OpenSearch domain. *Required*: Yes *Type*: String *Pattern*: `https?://.*` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Id` The unique identifier for the document you are storing. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Index` The OpenSearch index where you want to store your data. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The IAM role ARN that has access to OpenSearch. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Type` The type of document you are storing. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule PutAssetPropertyValueEntry An asset property value entry containing the following information. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AssetId](#cfn-iot-topicrule-putassetpropertyvalueentry-assetid)" : String, "[EntryId](#cfn-iot-topicrule-putassetpropertyvalueentry-entryid)" : String, "[PropertyAlias](#cfn-iot-topicrule-putassetpropertyvalueentry-propertyalias)" : String, "[PropertyId](#cfn-iot-topicrule-putassetpropertyvalueentry-propertyid)" : String, "[PropertyValues](#cfn-iot-topicrule-putassetpropertyvalueentry-propertyvalues)" : [ AssetPropertyValue, ... ] } ``` ### YAML ``` [AssetId](#cfn-iot-topicrule-putassetpropertyvalueentry-assetid): String [EntryId](#cfn-iot-topicrule-putassetpropertyvalueentry-entryid): String [PropertyAlias](#cfn-iot-topicrule-putassetpropertyvalueentry-propertyalias): String [PropertyId](#cfn-iot-topicrule-putassetpropertyvalueentry-propertyid): String [PropertyValues](#cfn-iot-topicrule-putassetpropertyvalueentry-propertyvalues): - AssetPropertyValue ``` ## Properties `AssetId` The ID of the AWS IoT SiteWise asset. You must specify either a `propertyAlias` or both an `aliasId` and a `propertyId`. Accepts substitution templates. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EntryId` Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PropertyAlias` The name of the property alias associated with your asset property. You must specify either a `propertyAlias` or both an `aliasId` and a `propertyId`. Accepts substitution templates. *Required*: No *Type*: String *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PropertyId` The ID of the asset's property. You must specify either a `propertyAlias` or both an `aliasId` and a `propertyId`. Accepts substitution templates. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PropertyValues` A list of property values to insert that each contain timestamp, quality, and value (TQV) information. *Required*: Yes *Type*: Array of [AssetPropertyValue](aws-properties-iot-topicrule-assetpropertyvalue.md) *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule PutItemInput The input for the DynamoActionVS action that specifies the DynamoDB table to which the message data will be written. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[TableName](#cfn-iot-topicrule-putiteminput-tablename)" : String } ``` ### YAML ``` [TableName](#cfn-iot-topicrule-putiteminput-tablename): String ``` ## Properties `TableName` The table where the message data will be written. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule RepublishAction Describes an action to republish to another topic. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Headers](#cfn-iot-topicrule-republishaction-headers)" : RepublishActionHeaders, "[Qos](#cfn-iot-topicrule-republishaction-qos)" : Integer, "[RoleArn](#cfn-iot-topicrule-republishaction-rolearn)" : String, "[Topic](#cfn-iot-topicrule-republishaction-topic)" : String } ``` ### YAML ``` [Headers](#cfn-iot-topicrule-republishaction-headers): RepublishActionHeaders [Qos](#cfn-iot-topicrule-republishaction-qos): Integer [RoleArn](#cfn-iot-topicrule-republishaction-rolearn): String [Topic](#cfn-iot-topicrule-republishaction-topic): String ``` ## Properties `Headers` MQTT Version 5.0 headers information. For more information, see [MQTT](https://docs.aws.amazon.com//iot/latest/developerguide/mqtt.html) in the IoT Core Developer Guide. *Required*: No *Type*: [RepublishActionHeaders](aws-properties-iot-topicrule-republishactionheaders.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Qos` The Quality of Service (QoS) level to use when republishing messages. The default value is 0. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The ARN of the IAM role that grants access. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Topic` The name of the MQTT topic. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule RepublishActionHeaders Specifies MQTT Version 5.0 headers information. For more information, see [MQTT](https://docs.aws.amazon.com//iot/latest/developerguide/mqtt.html) in the IoT Core Developer Guide. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ContentType](#cfn-iot-topicrule-republishactionheaders-contenttype)" : String, "[CorrelationData](#cfn-iot-topicrule-republishactionheaders-correlationdata)" : String, "[MessageExpiry](#cfn-iot-topicrule-republishactionheaders-messageexpiry)" : String, "[PayloadFormatIndicator](#cfn-iot-topicrule-republishactionheaders-payloadformatindicator)" : String, "[ResponseTopic](#cfn-iot-topicrule-republishactionheaders-responsetopic)" : String, "[UserProperties](#cfn-iot-topicrule-republishactionheaders-userproperties)" : [ UserProperty, ... ] } ``` ### YAML ``` [ContentType](#cfn-iot-topicrule-republishactionheaders-contenttype): String [CorrelationData](#cfn-iot-topicrule-republishactionheaders-correlationdata): String [MessageExpiry](#cfn-iot-topicrule-republishactionheaders-messageexpiry): String [PayloadFormatIndicator](#cfn-iot-topicrule-republishactionheaders-payloadformatindicator): String [ResponseTopic](#cfn-iot-topicrule-republishactionheaders-responsetopic): String [UserProperties](#cfn-iot-topicrule-republishactionheaders-userproperties): - UserProperty ``` ## Properties `ContentType` A UTF-8 encoded string that describes the content of the publishing message. For more information, see [ Content Type](https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901118) in the MQTT Version 5.0 specification. Supports [substitution templates](https://docs.aws.amazon.com//iot/latest/developerguide/iot-substitution-templates.html). *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CorrelationData` The base64-encoded binary data used by the sender of the request message to identify which request the response message is for. For more information, see [ Correlation Data](https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901115) in the MQTT Version 5.0 specification. Supports [substitution templates](https://docs.aws.amazon.com//iot/latest/developerguide/iot-substitution-templates.html). This binary data must be base64-encoded. *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MessageExpiry` A user-defined integer value that represents the message expiry interval at the broker. If the messages haven't been sent to the subscribers within that interval, the message expires and is removed. The value of `messageExpiry` represents the number of seconds before it expires. For more information about the limits of `messageExpiry`, see [Message broker and protocol limits and quotas](https://docs.aws.amazon.com//general/latest/gr/iot-core.html#limits_iot) in the IoT Core Reference Guide. Supports [substitution templates](https://docs.aws.amazon.com//iot/latest/developerguide/iot-substitution-templates.html). *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PayloadFormatIndicator` An `Enum` string value that indicates whether the payload is formatted as UTF-8. Valid values are `UNSPECIFIED_BYTES` and `UTF8_DATA`. For more information, see [ Payload Format Indicator](https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901111) from the MQTT Version 5.0 specification. Supports [substitution templates](https://docs.aws.amazon.com//iot/latest/developerguide/iot-substitution-templates.html). *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ResponseTopic` A UTF-8 encoded string that's used as the topic name for a response message. The response topic is used to describe the topic to which the receiver should publish as part of the request-response flow. The topic must not contain wildcard characters. For more information, see [ Response Topic](https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901114) in the MQTT Version 5.0 specification. Supports [substitution templates](https://docs.aws.amazon.com//iot/latest/developerguide/iot-substitution-templates.html). *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `UserProperties` An array of key-value pairs that you define in the MQTT5 header. *Required*: No *Type*: Array of [UserProperty](aws-properties-iot-topicrule-userproperty.md) *Minimum*: `1` *Maximum*: `100` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule S3Action Describes an action to write data to an Amazon S3 bucket. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[BucketName](#cfn-iot-topicrule-s3action-bucketname)" : String, "[CannedAcl](#cfn-iot-topicrule-s3action-cannedacl)" : String, "[Key](#cfn-iot-topicrule-s3action-key)" : String, "[RoleArn](#cfn-iot-topicrule-s3action-rolearn)" : String } ``` ### YAML ``` [BucketName](#cfn-iot-topicrule-s3action-bucketname): String [CannedAcl](#cfn-iot-topicrule-s3action-cannedacl): String [Key](#cfn-iot-topicrule-s3action-key): String [RoleArn](#cfn-iot-topicrule-s3action-rolearn): String ``` ## Properties `BucketName` The Amazon S3 bucket. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CannedAcl` The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see [S3 canned ACLs](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl). *Required*: No *Type*: String *Allowed values*: `private | public-read | public-read-write | aws-exec-read | authenticated-read | bucket-owner-read | bucket-owner-full-control | log-delivery-write` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Key` The object key. For more information, see [Actions, resources, and condition keys for Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html). *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The ARN of the IAM role that grants access. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule SigV4Authorization For more information, see [Signature Version 4 signing process](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[RoleArn](#cfn-iot-topicrule-sigv4authorization-rolearn)" : String, "[ServiceName](#cfn-iot-topicrule-sigv4authorization-servicename)" : String, "[SigningRegion](#cfn-iot-topicrule-sigv4authorization-signingregion)" : String } ``` ### YAML ``` [RoleArn](#cfn-iot-topicrule-sigv4authorization-rolearn): String [ServiceName](#cfn-iot-topicrule-sigv4authorization-servicename): String [SigningRegion](#cfn-iot-topicrule-sigv4authorization-signingregion): String ``` ## Properties `RoleArn` The ARN of the signing role. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ServiceName` The service name to use while signing with Sig V4. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SigningRegion` The signing region. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule SnsAction Describes an action to publish to an Amazon SNS topic. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[MessageFormat](#cfn-iot-topicrule-snsaction-messageformat)" : String, "[RoleArn](#cfn-iot-topicrule-snsaction-rolearn)" : String, "[TargetArn](#cfn-iot-topicrule-snsaction-targetarn)" : String } ``` ### YAML ``` [MessageFormat](#cfn-iot-topicrule-snsaction-messageformat): String [RoleArn](#cfn-iot-topicrule-snsaction-rolearn): String [TargetArn](#cfn-iot-topicrule-snsaction-targetarn): String ``` ## Properties `MessageFormat` (Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. For more information, see [Amazon SNS Message and JSON Formats](https://docs.aws.amazon.com/sns/latest/dg/json-formats.html) in the *Amazon Simple Notification Service Developer Guide*. *Required*: No *Type*: String *Allowed values*: `RAW | JSON` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The ARN of the IAM role that grants access. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TargetArn` The ARN of the SNS topic. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule SqsAction Describes an action to publish data to an Amazon SQS queue. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[QueueUrl](#cfn-iot-topicrule-sqsaction-queueurl)" : String, "[RoleArn](#cfn-iot-topicrule-sqsaction-rolearn)" : String, "[UseBase64](#cfn-iot-topicrule-sqsaction-usebase64)" : Boolean } ``` ### YAML ``` [QueueUrl](#cfn-iot-topicrule-sqsaction-queueurl): String [RoleArn](#cfn-iot-topicrule-sqsaction-rolearn): String [UseBase64](#cfn-iot-topicrule-sqsaction-usebase64): Boolean ``` ## Properties `QueueUrl` The URL of the Amazon SQS queue. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The ARN of the IAM role that grants access. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `UseBase64` Specifies whether to use Base64 encoding. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule StepFunctionsAction Starts execution of a Step Functions state machine. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ExecutionNamePrefix](#cfn-iot-topicrule-stepfunctionsaction-executionnameprefix)" : String, "[RoleArn](#cfn-iot-topicrule-stepfunctionsaction-rolearn)" : String, "[StateMachineName](#cfn-iot-topicrule-stepfunctionsaction-statemachinename)" : String } ``` ### YAML ``` [ExecutionNamePrefix](#cfn-iot-topicrule-stepfunctionsaction-executionnameprefix): String [RoleArn](#cfn-iot-topicrule-stepfunctionsaction-rolearn): String [StateMachineName](#cfn-iot-topicrule-stepfunctionsaction-statemachinename): String ``` ## Properties `ExecutionNamePrefix` (Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution"). *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `StateMachineName` The name of the Step Functions state machine whose execution will be started. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## See also + [StepFunctionsAction](https://docs.aws.amazon.com/iot/latest/apireference/API_StepFunctionsAction.html) in the *AWS IoT API Reference*. # AWS::IoT::TopicRule Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-topicrule-tag-key)" : String, "[Value](#cfn-iot-topicrule-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-topicrule-tag-key): String [Value](#cfn-iot-topicrule-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Pattern*: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule Timestamp Describes how to interpret an application-defined timestamp value from an MQTT message payload and the precision of that value. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Unit](#cfn-iot-topicrule-timestamp-unit)" : String, "[Value](#cfn-iot-topicrule-timestamp-value)" : String } ``` ### YAML ``` [Unit](#cfn-iot-topicrule-timestamp-unit): String [Value](#cfn-iot-topicrule-timestamp-value): String ``` ## Properties `Unit` The precision of the timestamp value that results from the expression described in `value`. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` An expression that returns a long epoch time value. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule TimestreamAction Describes an action that writes records into an Amazon Timestream table. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[DatabaseName](#cfn-iot-topicrule-timestreamaction-databasename)" : String, "[Dimensions](#cfn-iot-topicrule-timestreamaction-dimensions)" : [ TimestreamDimension, ... ], "[RoleArn](#cfn-iot-topicrule-timestreamaction-rolearn)" : String, "[TableName](#cfn-iot-topicrule-timestreamaction-tablename)" : String, "[Timestamp](#cfn-iot-topicrule-timestreamaction-timestamp)" : TimestreamTimestamp } ``` ### YAML ``` [DatabaseName](#cfn-iot-topicrule-timestreamaction-databasename): String [Dimensions](#cfn-iot-topicrule-timestreamaction-dimensions): - TimestreamDimension [RoleArn](#cfn-iot-topicrule-timestreamaction-rolearn): String [TableName](#cfn-iot-topicrule-timestreamaction-tablename): String [Timestamp](#cfn-iot-topicrule-timestreamaction-timestamp): TimestreamTimestamp ``` ## Properties `DatabaseName` The name of an Amazon Timestream database that has the table to write records into. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Dimensions` Metadata attributes of the time series that are written in each measure record. *Required*: Yes *Type*: Array of [TimestreamDimension](aws-properties-iot-topicrule-timestreamdimension.md) *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The Amazon Resource Name (ARN) of the role that grants AWS IoT permission to write to the Timestream database table. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TableName` The table where the message data will be written. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Timestamp` The value to use for the entry's timestamp. If blank, the time that the entry was processed is used. *Required*: No *Type*: [TimestreamTimestamp](aws-properties-iot-topicrule-timestreamtimestamp.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule TimestreamDimension Metadata attributes of the time series that are written in each measure record. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Name](#cfn-iot-topicrule-timestreamdimension-name)" : String, "[Value](#cfn-iot-topicrule-timestreamdimension-value)" : String } ``` ### YAML ``` [Name](#cfn-iot-topicrule-timestreamdimension-name): String [Value](#cfn-iot-topicrule-timestreamdimension-value): String ``` ## Properties `Name` The metadata dimension name. This is the name of the column in the Amazon Timestream database table record. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The value to write in this column of the database record. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule TimestreamTimestamp The value to use for the entry's timestamp. If blank, the time that the entry was processed is used. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Unit](#cfn-iot-topicrule-timestreamtimestamp-unit)" : String, "[Value](#cfn-iot-topicrule-timestreamtimestamp-value)" : String } ``` ### YAML ``` [Unit](#cfn-iot-topicrule-timestreamtimestamp-unit): String [Value](#cfn-iot-topicrule-timestreamtimestamp-value): String ``` ## Properties `Unit` The precision of the timestamp value that results from the expression described in `value`. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` An expression that returns a long epoch time value. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule TopicRulePayload Describes a rule. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Actions](#cfn-iot-topicrule-topicrulepayload-actions)" : [ Action, ... ], "[AwsIotSqlVersion](#cfn-iot-topicrule-topicrulepayload-awsiotsqlversion)" : String, "[Description](#cfn-iot-topicrule-topicrulepayload-description)" : String, "[ErrorAction](#cfn-iot-topicrule-topicrulepayload-erroraction)" : Action, "[RuleDisabled](#cfn-iot-topicrule-topicrulepayload-ruledisabled)" : Boolean, "[Sql](#cfn-iot-topicrule-topicrulepayload-sql)" : String } ``` ### YAML ``` [Actions](#cfn-iot-topicrule-topicrulepayload-actions): - Action [AwsIotSqlVersion](#cfn-iot-topicrule-topicrulepayload-awsiotsqlversion): String [Description](#cfn-iot-topicrule-topicrulepayload-description): String [ErrorAction](#cfn-iot-topicrule-topicrulepayload-erroraction): Action [RuleDisabled](#cfn-iot-topicrule-topicrulepayload-ruledisabled): Boolean [Sql](#cfn-iot-topicrule-topicrulepayload-sql): String ``` ## Properties `Actions` The actions associated with the rule. *Required*: Yes *Type*: Array of [Action](aws-properties-iot-topicrule-action.md) *Minimum*: `0` *Maximum*: `10` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AwsIotSqlVersion` The version of the SQL rules engine to use when evaluating the rule. The default value is 2015-10-08. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Description` The description of the rule. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ErrorAction` The action to take when an error occurs. *Required*: No *Type*: [Action](aws-properties-iot-topicrule-action.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RuleDisabled` Specifies whether the rule is disabled. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Sql` The SQL statement used to query the topic. For more information, see [AWS IoT SQL Reference](https://docs.aws.amazon.com/iot/latest/developerguide/iot-sql-reference.html) in the *AWS IoT Developer Guide*. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRule UserProperty A key-value pair that you define in the header. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-topicrule-userproperty-key)" : String, "[Value](#cfn-iot-topicrule-userproperty-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-topicrule-userproperty-key): String [Value](#cfn-iot-topicrule-userproperty-value): String ``` ## Properties `Key` A key to be specified in `UserProperty`. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` A value to be specified in `UserProperty`. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::IoT::TopicRuleDestination A topic rule destination. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::TopicRuleDestination", "Properties" : { "[HttpUrlProperties](#cfn-iot-topicruledestination-httpurlproperties)" : HttpUrlDestinationSummary, "[Status](#cfn-iot-topicruledestination-status)" : String, "[VpcProperties](#cfn-iot-topicruledestination-vpcproperties)" : VpcDestinationProperties } } ``` ### YAML ``` Type: AWS::IoT::TopicRuleDestination Properties: [HttpUrlProperties](#cfn-iot-topicruledestination-httpurlproperties): HttpUrlDestinationSummary [Status](#cfn-iot-topicruledestination-status): String [VpcProperties](#cfn-iot-topicruledestination-vpcproperties): VpcDestinationProperties ``` ## Properties `HttpUrlProperties` Properties of the HTTP URL. *Required*: No *Type*: [HttpUrlDestinationSummary](aws-properties-iot-topicruledestination-httpurldestinationsummary.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Status` IN\$1PROGRESS A topic rule destination was created but has not been confirmed. You can set status to `IN_PROGRESS` by calling `UpdateTopicRuleDestination`. Calling `UpdateTopicRuleDestination` causes a new confirmation challenge to be sent to your confirmation endpoint. ENABLED Confirmation was completed, and traffic to this destination is allowed. You can set status to `DISABLED` by calling `UpdateTopicRuleDestination`. DISABLED Confirmation was completed, and traffic to this destination is not allowed. You can set status to `ENABLED` by calling `UpdateTopicRuleDestination`. ERROR Confirmation could not be completed; for example, if the confirmation timed out. You can call `GetTopicRuleDestination` for details about the error. You can set status to `IN_PROGRESS` by calling `UpdateTopicRuleDestination`. Calling `UpdateTopicRuleDestination` causes a new confirmation challenge to be sent to your confirmation endpoint. *Required*: No *Type*: String *Allowed values*: `ENABLED | IN_PROGRESS | DISABLED` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `VpcProperties` Properties of the virtual private cloud (VPC) connection. *Required*: No *Type*: [VpcDestinationProperties](aws-properties-iot-topicruledestination-vpcdestinationproperties.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the topic rule destination. For example: `{ "Ref": "TopicRuleDestination" }` A value similar to the following is returned: `a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2` For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt #### `Arn` The topic rule destination URL. `StatusReason` Additional details or reason why the topic rule destination is in the current status. # AWS::IoT::TopicRuleDestination HttpUrlDestinationSummary HTTP URL destination properties. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ConfirmationUrl](#cfn-iot-topicruledestination-httpurldestinationsummary-confirmationurl)" : String } ``` ### YAML ``` [ConfirmationUrl](#cfn-iot-topicruledestination-httpurldestinationsummary-confirmationurl): String ``` ## Properties `ConfirmationUrl` The URL used to confirm the HTTP topic rule destination URL. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::IoT::TopicRuleDestination VpcDestinationProperties The properties of a virtual private cloud (VPC) destination. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[RoleArn](#cfn-iot-topicruledestination-vpcdestinationproperties-rolearn)" : String, "[SecurityGroups](#cfn-iot-topicruledestination-vpcdestinationproperties-securitygroups)" : [ String, ... ], "[SubnetIds](#cfn-iot-topicruledestination-vpcdestinationproperties-subnetids)" : [ String, ... ], "[VpcId](#cfn-iot-topicruledestination-vpcdestinationproperties-vpcid)" : String } ``` ### YAML ``` [RoleArn](#cfn-iot-topicruledestination-vpcdestinationproperties-rolearn): String [SecurityGroups](#cfn-iot-topicruledestination-vpcdestinationproperties-securitygroups): - String [SubnetIds](#cfn-iot-topicruledestination-vpcdestinationproperties-subnetids): - String [VpcId](#cfn-iot-topicruledestination-vpcdestinationproperties-vpcid): String ``` ## Properties `RoleArn` The ARN of a role that has permission to create and attach to elastic network interfaces (ENIs). *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `SecurityGroups` The security groups of the VPC destination. *Required*: No *Type*: Array of String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `SubnetIds` The subnet IDs of the VPC destination. *Required*: No *Type*: Array of String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `VpcId` The ID of the VPC. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)