[ aws . cloudcontrol ]



Updates the specified property values in the resource.

You specify your resource property updates as a list of patch operations contained in a JSON patch document that adheres to the ` RFC 6902 - JavaScript Object Notation (JSON) Patch https://datatracker.ietf.org/doc/html/rfc6902`__ standard.

For details on how Cloud Control API performs resource update operations, see Updating a resource in the Amazon Web Services Cloud Control API User Guide .

After you have initiated a resource update request, you can monitor the progress of your request by calling GetResourceRequestStatus using the RequestToken of the ProgressEvent returned by UpdateResource .

For more information about the properties of a specific resource, refer to the related topic for the resource in the Resource and property types reference in the CloudFormation Users Guide .

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.


--type-name <value>
[--type-version-id <value>]
[--role-arn <value>]
[--client-token <value>]
--identifier <value>
--patch-document <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]


--type-name (string)

The name of the resource type.

--type-version-id (string)

For private resource types, the type version to use in this resource operation. If you do not specify a resource version, CloudFormation uses the default version.

--role-arn (string)

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role for Cloud Control API to use when performing this resource operation. The role specified must have the permissions required for this operation. The necessary permissions for each event handler are defined in the `` handlers `` section of the resource type definition schema .

If you do not specify a role, Cloud Control API uses a temporary session created using your Amazon Web Services user credentials.

For more information, see Specifying credentials in the Amazon Web Services Cloud Control API User Guide .

--client-token (string)

A unique identifier to ensure the idempotency of the resource request. As a best practice, specify this token to ensure idempotency, so that Amazon Web Services Cloud Control API can accurately distinguish between request retries and new resource requests. You might retry a resource request to ensure that it was successfully received.

A client token is valid for 36 hours once used. After that, a resource request with the same client token is treated as a new request.

If you do not specify a client token, one is generated for inclusion in the request.

For more information, see Ensuring resource operation requests are unique in the Amazon Web Services Cloud Control API User Guide .

--identifier (string)

The identifier for the resource.

You can specify the primary identifier, or any secondary identifier defined for the resource type in its resource schema. You can only specify one identifier. Primary identifiers can be specified as a string or JSON; secondary identifiers must be specified as JSON.

For compound primary identifiers (that is, one that consists of multiple resource properties strung together), to specify the primary identifier as a string, list the property values in the order they are specified in the primary identifier definition, separated by | .

For more information, see Identifying resources in the Amazon Web Services Cloud Control API User Guide .

--patch-document (string)

A JavaScript Object Notation (JSON) document listing the patch operations that represent the updates to apply to the current resource properties. For details, see Composing the patch document in the Amazon Web Services Cloud Control API User Guide .

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.



To use the following examples, you must have the AWS CLI installed and configured. See the Getting started guide in the AWS CLI User Guide for more information.

Unless otherwise stated, all examples have unix-like quotation rules. These examples will need to be adapted to your terminal’s quoting rules. See Using quotation marks with strings in the AWS CLI User Guide .

To update the properties of an existing resource

The following update-resource example updates the retention policy of an AWS::Logs::LogGroup resource named ExampleLogGroup to 90 days.

aws cloudcontrol update-resource \
    --type-name AWS::Logs::LogGroup \
    --identifier ExampleLogGroup \
    --patch-document "[{\"op\":\"replace\",\"path\":\"/RetentionInDays\",\"value\":90}]"


    "ProgressEvent": {
        "EventTime": "2021-08-09T18:17:15.219Z",
        "TypeName": "AWS::Logs::LogGroup",
        "OperationStatus": "IN_PROGRESS",
        "Operation": "UPDATE",
        "Identifier": "ExampleLogGroup",
        "RequestToken": "5f40c577-3534-4b20-9599-0b0123456789"

For more information, see Updating a resource in the Cloud Control API User Guide.


ProgressEvent -> (structure)

Represents the current status of the resource update request.

Use the RequestToken of the ProgressEvent with GetResourceRequestStatus to return the current status of a resource operation request.

TypeName -> (string)

The name of the resource type used in the operation.

Identifier -> (string)

The primary identifier for the resource.


In some cases, the resource identifier may be available before the resource operation has reached a status of SUCCESS .

RequestToken -> (string)

The unique token representing this resource operation request.

Use the RequestToken with GetResourceRequestStatus to return the current status of a resource operation request.

Operation -> (string)

The resource operation type.

OperationStatus -> (string)

The current status of the resource operation request.

  • PENDING : The resource operation hasn’t yet started.

  • IN_PROGRESS : The resource operation is currently in progress.

  • SUCCESS : The resource operation has successfully completed.

  • FAILED : The resource operation has failed. Refer to the error code and status message for more information.

  • CANCEL_IN_PROGRESS : The resource operation is in the process of being canceled.

  • CANCEL_COMPLETE : The resource operation has been canceled.

EventTime -> (timestamp)

When the resource operation request was initiated.

ResourceModel -> (string)

A JSON string containing the resource model, consisting of each resource property and its current value.

StatusMessage -> (string)

Any message explaining the current status.

ErrorCode -> (string)

For requests with a status of FAILED , the associated error code.

For error code definitions, see Handler error codes in the CloudFormation Command Line Interface User Guide for Extension Development .

RetryAfter -> (timestamp)

When to next request the status of this resource operation request.