Updates the definition for the specified mitigation action.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
update-mitigation-action
--action-name <value>
[--role-arn <value>]
[--action-params <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--action-name
(string)
The friendly name for the mitigation action. You cannot change the name by using
UpdateMitigationAction
. Instead, you must delete and recreate the mitigation action with the new name.
--role-arn
(string)
The ARN of the IAM role that is used to apply the mitigation action.
--action-params
(structure)
Defines the type of action and the parameters for that action.
updateDeviceCertificateParams -> (structure)
Parameters to define a mitigation action that changes the state of the device certificate to inactive.
action -> (string)
The action that you want to apply to the device certificate. The only supported value is
DEACTIVATE
.updateCACertificateParams -> (structure)
Parameters to define a mitigation action that changes the state of the CA certificate to inactive.
action -> (string)
The action that you want to apply to the CA certificate. The only supported value is
DEACTIVATE
.addThingsToThingGroupParams -> (structure)
Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.
thingGroupNames -> (list)
The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you can’t add a thing to more than one group in the same hierarchy.
(string)
overrideDynamicGroups -> (boolean)
Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.
replaceDefaultPolicyVersionParams -> (structure)
Parameters to define a mitigation action that adds a blank policy to restrict permissions.
templateName -> (string)
The name of the template to be applied. The only supported value is
BLANK_POLICY
.enableIoTLoggingParams -> (structure)
Parameters to define a mitigation action that enables AWS IoT logging at a specified level of detail.
roleArnForLogging -> (string)
The Amazon Resource Name (ARN) of the IAM role used for logging.
logLevel -> (string)
Specifies the type of information to be logged.
publishFindingToSnsParams -> (structure)
Parameters to define a mitigation action that publishes findings to Amazon Simple Notification Service (Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.
topicArn -> (string)
The ARN of the topic to which you want to publish the findings.
Shorthand Syntax:
updateDeviceCertificateParams={action=string},updateCACertificateParams={action=string},addThingsToThingGroupParams={thingGroupNames=[string,string],overrideDynamicGroups=boolean},replaceDefaultPolicyVersionParams={templateName=string},enableIoTLoggingParams={roleArnForLogging=string,logLevel=string},publishFindingToSnsParams={topicArn=string}
JSON Syntax:
{
"updateDeviceCertificateParams": {
"action": "DEACTIVATE"
},
"updateCACertificateParams": {
"action": "DEACTIVATE"
},
"addThingsToThingGroupParams": {
"thingGroupNames": ["string", ...],
"overrideDynamicGroups": true|false
},
"replaceDefaultPolicyVersionParams": {
"templateName": "BLANK_POLICY"
},
"enableIoTLoggingParams": {
"roleArnForLogging": "string",
"logLevel": "DEBUG"|"INFO"|"ERROR"|"WARN"|"DISABLED"
},
"publishFindingToSnsParams": {
"topicArn": "string"
}
}
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
To update a mitigation action
The following update-mitigation-action
example updates the specified mitigation action named AddThingsToQuarantineGroupAction
, changes the thing group name, and sets overrideDynamicGroups
to false
. You can verify your changes by using the describe-mitigation-action
command.
aws iot update-mitigation-action \
--cli-input-json "{ \"actionName\": \"AddThingsToQuarantineGroupAction\", \"actionParams\": { \"addThingsToThingGroupParams\": {\"thingGroupNames\":[\"QuarantineGroup2\"],\"overrideDynamicGroups\": false}}}"
Output:
{
"actionArn": "arn:aws:iot:us-west-2:123456789012:mitigationaction/AddThingsToQuarantineGroupAction",
"actionId": "2fd2726d-98e1-4abf-b10f-09465ccd6bfa"
}
For more information, see UpdateMitigationAction (Mitigation Action Commands) in the AWS IoT Developer Guide.
actionArn -> (string)
The ARN for the new mitigation action.
actionId -> (string)
A unique identifier for the mitigation action.