AWS::AIOps::InvestigationGroup - Amazon CloudFormation

AWS::AIOps::InvestigationGroup

Creates an investigation group in your account. Creating an investigation group is a one-time setup task for each Region in your account. It is a necessary task to be able to perform investigations.

Settings in the investigation group help you centrally manage the common properties of your investigations, such as the following:

  • Who can access the investigations.

  • Whether investigation data is encrypted with a customer managed Amazon Key Management Service key.

  • How long investigations and their data are retained by default.

Currently, you can have one investigation group in each Region in your account. Each investigation in a Region is a part of the investigation group in that Region.

To create an investigation group and set up CloudWatch investigations, you must be signed in to an IAM principal that has either the AIOpsConsoleAdminPolicy or the AdministratorAccess IAM policy attached, or to an account that has similar permissions.

Important

You can configure CloudWatch alarms to start investigations and add events to investigations. If you create your investigation group with CreateInvestigationGroup and you want to enable alarms to do this, you must use PutInvestigationGroupPolicy to create a resource policy that grants this permission to CloudWatch alarms.

For more information about configuring CloudWatch alarms to work with CloudWatch investigations, see

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::AIOps::InvestigationGroup",
  "Properties" : {
      "ChatbotNotificationChannels" : [ ChatbotNotificationChannel, ... ],
      "CrossAccountConfigurations" : [ CrossAccountConfiguration, ... ],
      "EncryptionConfig" : EncryptionConfigMap,
      "InvestigationGroupPolicy" : String,
      "IsCloudTrailEventHistoryEnabled" : Boolean,
      "Name" : String,
      "RetentionInDays" : Integer,
      "RoleArn" : String,
      "TagKeyBoundaries" : [ String, ... ],
      "Tags" : [ Tag, ... ]
    }
}

Properties

ChatbotNotificationChannels

Use this property to integrate CloudWatch investigations with chat applications. This property is an array. For the first string, specify the ARN of an Amazon SNS topic. For the array of strings, specify the ARNs of one or more chat application configurations that you want to associate with that topic. For more information about these configuration ARNs, see Getting started with Amazon Q in chat applications and Resource type defined by Amazon Chatbot.

Required: No

Type: Array of ChatbotNotificationChannel

Update requires: No interruption

CrossAccountConfigurations

Number of sourceAccountId values that have been configured for cross-account access.

Required: No

Type: Array of CrossAccountConfiguration

Update requires: No interruption

EncryptionConfig

Specifies the customer managed Amazon KMS key that the investigation group uses to encrypt data, if there is one. If not, the investigation group uses an Amazon key to encrypt the data.

Required: No

Type: EncryptionConfigMap

Update requires: No interruption

InvestigationGroupPolicy

Returns the IAM resource policy that is associated with the specified investigation group.

Required: No

Type: String

Update requires: No interruption

IsCloudTrailEventHistoryEnabled

Specify true to enable CloudWatch investigations to have access to change events that are recorded by CloudTrail. The default is true.

Required: No

Type: Boolean

Update requires: No interruption

Name

Specify either the name or the ARN of the investigation group that you want to view.

Required: Yes

Type: String

Minimum: 1

Maximum: 512

Update requires: Replacement

RetentionInDays

Specifies how long investigation data is kept.

Required: No

Type: Integer

Update requires: Replacement

RoleArn

The ARN of the IAM role that the investigation group uses for permissions to gather data.

Required: No

Type: String

Minimum: 20

Maximum: 2048

Update requires: No interruption

TagKeyBoundaries

Displays the custom tag keys for custom applications in your system that you have specified in the investigation group. Resource tags help CloudWatch investigations narrow the search space when it is unable to discover definite relationships between resources.

Required: No

Type: Array of String

Minimum: 1

Maximum: 200

Update requires: No interruption

Tags

The list of key-value pairs to associate with the resource.

Required: No

Type: Array of Tag

Update requires: No interruption
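
A pre-deployment check for the properties described above, as an added example that is not part of the AWS documentation: it walks a parsed template, applies the documented length limits for Name and RoleArn, and flags a missing EncryptionConfig, a missing RetentionInDays, and an InvestigationGroupPolicy that allows any principal without a condition. The function names, the sample template, the policy and the KmsKeyId field shown inside EncryptionConfig are assumptions made for illustration.

```python
import json

RESOURCE_TYPE = "AWS::AIOps::InvestigationGroup"

def has_wildcard_principal(stmt):
    """True if an Allow statement names '*' as principal with no Condition."""
    if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
        return False
    principal = stmt.get("Principal")
    values = principal.values() if isinstance(principal, dict) else [principal]
    return any("*" in (v if isinstance(v, list) else [v]) for v in values)

def check_investigation_groups(template):
    """Return sorted (logical_id, finding) pairs for each investigation group."""
    findings = []
    for lid, res in template.get("Resources", {}).items():
        if res.get("Type") != RESOURCE_TYPE:
            continue
        props = res.get("Properties", {})
        name, role = props.get("Name"), props.get("RoleArn")
        # Length limits apply to literal strings; intrinsics (dicts) are skipped.
        if name is None or (isinstance(name, str) and not 1 <= len(name) <= 512):
            findings.append((lid, "Name missing or outside 1-512 characters"))
        if isinstance(role, str) and not 20 <= len(role) <= 2048:
            findings.append((lid, "RoleArn outside 20-2048 characters"))
        if "EncryptionConfig" not in props:
            findings.append((lid, "no EncryptionConfig: Amazon key, not customer managed"))
        if "RetentionInDays" not in props:
            findings.append((lid, "RetentionInDays not set"))
        policy = props.get("InvestigationGroupPolicy")
        if isinstance(policy, str):
            try:
                statements = json.loads(policy).get("Statement", [])
            except (ValueError, AttributeError):
                findings.append((lid, "InvestigationGroupPolicy is not a JSON policy"))
                continue
            statements = [statements] if isinstance(statements, dict) else statements
            if any(has_wildcard_principal(s) for s in statements):
                findings.append((lid, "InvestigationGroupPolicy allows '*' unconditionally"))
    return sorted(findings)

# Constructed sample template; names, policy and key id are placeholders.
OPEN_POLICY = json.dumps({"Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "aiops:*", "Resource": "*"}]})
SAMPLE = {"Resources": {
    "Weak": {"Type": RESOURCE_TYPE, "Properties": {
        "Name": "ops", "RoleArn": "arn:short", "InvestigationGroupPolicy": OPEN_POLICY}},
    "Strict": {"Type": RESOURCE_TYPE, "Properties": {
        "Name": "ops-strict", "RetentionInDays": 30,
        "EncryptionConfig": {"KmsKeyId": "EXAMPLE-KEY-ID"}}}}}
```

Calling check_investigation_groups(SAMPLE) reports four findings for the Weak resource and none for Strict; values supplied through intrinsic functions are not length-checked.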

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ARN of the investigation group. For example, arn:aws:aiops:Region:account-id:investigation-group:investigation-group-id

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

The Amazon Resource Name (ARN) of the investigation group.

CreatedAt

The date and time that the investigation group was created.

CreatedBy

The name of the user who created the investigation group.

LastModifiedAt

The date and time that the investigation group was most recently modified.

LastModifiedBy

The name of the user who created the investigation group.