[ aws . iot ]



Starts a Device Defender ML Detect mitigation actions task.

Requires permission to access the StartDetectMitigationActionsTask action.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.


--task-id <value>
--target <value>
--actions <value>
[--violation-event-occurrence-range <value>]
[--include-only-active-violations | --no-include-only-active-violations]
[--include-suppressed-alerts | --no-include-suppressed-alerts]
[--client-request-token <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]


--task-id (string)

The unique identifier of the task.

--target (structure)

Specifies the ML Detect findings to which the mitigation actions are applied.

violationIds -> (list)

The unique identifiers of the violations.


securityProfileName -> (string)

The name of the security profile.

behaviorName -> (string)

The name of the behavior.

Shorthand Syntax:


JSON Syntax:

  "violationIds": ["string", ...],
  "securityProfileName": "string",
  "behaviorName": "string"

--actions (list)

The actions to be performed when a device has unexpected behavior.



"string" "string" ...

--violation-event-occurrence-range (structure)

Specifies the time period of which violation events occurred between.

startTime -> (timestamp)

The start date and time of a time period in which violation events occurred.

endTime -> (timestamp)

The end date and time of a time period in which violation events occurred.

Shorthand Syntax:


JSON Syntax:

  "startTime": timestamp,
  "endTime": timestamp

--include-only-active-violations | --no-include-only-active-violations (boolean)

Specifies to list only active violations.

--include-suppressed-alerts | --no-include-suppressed-alerts (boolean)

Specifies to include suppressed alerts.

--client-request-token (string)

Each mitigation action task must have a unique client request token. If you try to create a new task with the same token as a task that already exists, an exception occurs. If you omit this value, Amazon Web Services SDKs will automatically generate a unique client request.

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.


taskId -> (string)

The unique identifier of the task.