[ aws . resiliencehubv2 ]
update-service¶
Synopsis¶
update-service
--service-arn <value>
[--description <value>]
[--associated-systems <value>]
[--policy-arn <value>]
[--regions <value>]
[--permission-model <value>]
[--dependency-discovery <value>]
[--report-configuration <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]
[--cli-error-format <value>]
Options¶
--service-arn (string) [required]
ARN identifier.
Constraints:
- min:
31- pattern:
arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+.-]{0,1023}
--description (string)
Resource description for services and policies.
Constraints:
- min:
0- max:
615
--associated-systems (list)
The updated systems to associate with the service.
Constraints:
- min:
0- max:
20(structure)
Represents a system associated with a service.
systemArn -> (string) [required]
ARN identifier.
Constraints:
- min:
31- pattern:
arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+.-]{0,1023}systemName -> (string)
Resource name (used in ARN — no spaces allowed).
Constraints:
- min:
2- max:
60- pattern:
[A-Za-z0-9][A-Za-z0-9_\-]{1,59}userJourneyIds -> (list)
The list of user journey identifiers that associate this system with the service.
Constraints:
- min:
0- max:
20(string)
Constraints:
- min:
1- max:
255- pattern:
\S{1,255}
Shorthand Syntax:
systemArn=string,systemName=string,userJourneyIds=string,string ...
JSON Syntax:
[
{
"systemArn": "string",
"systemName": "string",
"userJourneyIds": ["string", ...]
}
...
]
--policy-arn (string)
ARN identifier.
Constraints:
- min:
31- pattern:
arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+.-]{0,1023}
--regions (list)
The updated AWS Regions where the service operates.
Constraints:
- min:
1- max:
5(string)
Constraints:
- min:
6- pattern:
[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]
Syntax:
"string" "string" ...
--permission-model (structure)
The updated permission model for the service.
invokerRoleName -> (string) [required]
IAM role name (supports up to 64 characters per IAM limits).
Constraints:
- min:
1- max:
64- pattern:
[A-Za-z0-9_+=,.@\-]{1,64}crossAccountRoles -> (list)
The list of cross-account IAM role ARNs.
Constraints:
- min:
0- max:
5(structure)
Specifies a cross-account IAM role ARN and optional external ID.
crossAccountRoleArn -> (string) [required]
ARN of the IAM Role for the profile. Null if the permission profile is the ‘Admin’ profile.
Constraints:
- min:
32- pattern:
arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):iam::[0-9]{12}:role/(([^/][!-~]+/){1,511})?[A-Za-z0-9_+=,.@-]{1,64}externalId -> (string)
The external ID used for assuming the cross-account role.
Constraints:
- min:
2- max:
1224
Shorthand Syntax:
invokerRoleName=string,crossAccountRoles=[{crossAccountRoleArn=string,externalId=string},{crossAccountRoleArn=string,externalId=string}]
JSON Syntax:
{
"invokerRoleName": "string",
"crossAccountRoles": [
{
"crossAccountRoleArn": "string",
"externalId": "string"
}
...
]
}
--dependency-discovery (string)
Caller-settable values for dependency discovery. INITIALIZING is system-managed.
Possible values:
ENABLEDDISABLED
--report-configuration (structure)
Configuration for automatic report generation on a Service.
reportOutputs -> (list) [required]
Output destinations for generated reports.
Constraints:
- min:
1- max:
1(tagged union structure)
Configuration for a report output destination.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:s3.s3 -> (structure)
S3 configuration for report output.
bucketPath -> (string) [required]
S3 bucket path where reports will be written (e.g., my-bucket/ngrh-reports/).
Constraints:
- min:
3- max:
512- pattern:
(s3://)?[a-z0-9][a-z0-9.-]{1,61}[a-z0-9](/.*)?bucketOwner -> (string) [required]
Account ID of the bucket owner for cross-account access verification.
Constraints:
- min:
12- max:
12- pattern:
\d{12}
JSON Syntax:
{
"reportOutputs": [
{
"s3": {
"bucketPath": "string",
"bucketOwner": "string"
}
}
...
]
}
--cli-input-json | --cli-input-yaml (string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.
--generate-cli-skeleton (string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.
Global Options¶
--debug (boolean)
Turn on debug logging.
--endpoint-url (string)
Override command’s default URL with the given URL.
--no-verify-ssl (boolean)
By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.
--no-paginate (boolean)
Disable automatic pagination. If automatic pagination is disabled, the AWS CLI will only make one call, for the first page of results.
--output (string)
The formatting style for command output.
- json
- text
- table
- yaml
- yaml-stream
- off
--query (string)
A JMESPath query to use in filtering the response data.
--profile (string)
Use a specific profile from your credential file.
--region (string)
The region to use. Overrides config/env settings.
--version (string)
Display the version of this tool.
--color (string)
Turn on/off color output.
- on
- off
- auto
--no-sign-request (boolean)
Do not sign requests. Credentials will not be loaded if this argument is provided.
--ca-bundle (string)
The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.
--cli-read-timeout (int)
The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.
--cli-connect-timeout (int)
The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.
--cli-binary-format (string)
The formatting style to be used for binary blobs. The default format is base64. The base64 format expects binary blobs to be provided as a base64 encoded string. The raw-in-base64-out format preserves compatibility with AWS CLI V1 behavior and binary values must be passed literally. When providing contents from a file that map to a binary blob fileb:// will always be treated as binary and use the file contents directly regardless of the cli-binary-format setting. When using file:// the file contents will need to properly formatted for the configured cli-binary-format.
- base64
- raw-in-base64-out
--no-cli-pager (boolean)
Disable cli pager for output.
--cli-auto-prompt (boolean)
Automatically prompt for CLI input parameters.
--no-cli-auto-prompt (boolean)
Disable automatically prompt for CLI input parameters.
--cli-error-format (string)
The formatting style for error output. By default, errors are displayed in enhanced format.
- legacy
- json
- yaml
- text
- table
- enhanced
Output¶
service -> (structure)
The updated service.
serviceArn -> (string) [required]
ARN identifier.
Constraints:
- min:
31- pattern:
arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+.-]{0,1023}name -> (string) [required]
Resource name (used in ARN — no spaces allowed).
Constraints:
- min:
2- max:
60- pattern:
[A-Za-z0-9][A-Za-z0-9_\-]{1,59}description -> (string)
Resource description for services and policies.
Constraints:
- min:
0- max:
615associatedSystems -> (list)
The systems associated with the service.
Constraints:
- min:
0- max:
20(structure)
Represents a system associated with a service.
systemArn -> (string) [required]
ARN identifier.
Constraints:
- min:
31- pattern:
arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+.-]{0,1023}systemName -> (string)
Resource name (used in ARN — no spaces allowed).
Constraints:
- min:
2- max:
60- pattern:
[A-Za-z0-9][A-Za-z0-9_\-]{1,59}userJourneyIds -> (list)
The list of user journey identifiers that associate this system with the service.
Constraints:
- min:
0- max:
20(string)
Constraints:
- min:
1- max:
255- pattern:
\S{1,255}policyArn -> (string)
ARN identifier.
Constraints:
- min:
31- pattern:
arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+.-]{0,1023}regions -> (list)
The AWS Regions where the service operates.
Constraints:
- min:
1- max:
5(string)
Constraints:
- min:
6- pattern:
[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]permissionModel -> (structure)
The permission model for the service.
invokerRoleName -> (string) [required]
IAM role name (supports up to 64 characters per IAM limits).
Constraints:
- min:
1- max:
64- pattern:
[A-Za-z0-9_+=,.@\-]{1,64}crossAccountRoles -> (list)
The list of cross-account IAM role ARNs.
Constraints:
- min:
0- max:
5(structure)
Specifies a cross-account IAM role ARN and optional external ID.
crossAccountRoleArn -> (string) [required]
ARN of the IAM Role for the profile. Null if the permission profile is the ‘Admin’ profile.
Constraints:
- min:
32- pattern:
arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):iam::[0-9]{12}:role/(([^/][!-~]+/){1,511})?[A-Za-z0-9_+=,.@-]{1,64}externalId -> (string)
The external ID used for assuming the cross-account role.
Constraints:
- min:
2- max:
1224dependencyDiscovery -> (structure)
The dependency discovery configuration for the service.
status -> (string) [required]
The current status of dependency discovery.
Possible values:
ENABLEDINITIALIZINGDISABLEDupdatedAt -> (timestamp)
The timestamp when dependency discovery was last updated.effectivePolicyValues -> (structure)
The effective policy values for the service.
availabilitySlo -> (structure)
The effective availability SLO value for the service.
value -> (double)
The availability SLO percentage value.policyName -> (string)
Resource name (used in ARN — no spaces allowed).
Constraints:
- min:
2- max:
60- pattern:
[A-Za-z0-9][A-Za-z0-9_\-]{1,59}source -> (string)
Indicates whether the value comes from the service’s own account or a cross-account policy.
Possible values:
SELFCROSS_ACCOUNTmultiAzRto -> (structure)
The effective multi-AZ RTO value for the service, in minutes.
value -> (integer)
The RTO or RPO value in minutes.policyName -> (string)
Resource name (used in ARN — no spaces allowed).
Constraints:
- min:
2- max:
60- pattern:
[A-Za-z0-9][A-Za-z0-9_\-]{1,59}source -> (string)
Indicates whether the value comes from the service’s own account or a cross-account policy.
Possible values:
SELFCROSS_ACCOUNTmultiAzRpo -> (structure)
The effective multi-AZ RPO value for the service, in minutes.
value -> (integer)
The RTO or RPO value in minutes.policyName -> (string)
Resource name (used in ARN — no spaces allowed).
Constraints:
- min:
2- max:
60- pattern:
[A-Za-z0-9][A-Za-z0-9_\-]{1,59}source -> (string)
Indicates whether the value comes from the service’s own account or a cross-account policy.
Possible values:
SELFCROSS_ACCOUNTmultiAzDrApproach -> (structure)
The effective multi-AZ disaster recovery approach for the service.
value -> (string)
The disaster recovery approach value.policyName -> (string)
Resource name (used in ARN — no spaces allowed).
Constraints:
- min:
2- max:
60- pattern:
[A-Za-z0-9][A-Za-z0-9_\-]{1,59}source -> (string)
Indicates whether the value comes from the service’s own account or a cross-account policy.
Possible values:
SELFCROSS_ACCOUNTmultiRegionRto -> (structure)
The effective multi-Region RTO value for the service, in minutes.
value -> (integer)
The RTO or RPO value in minutes.policyName -> (string)
Resource name (used in ARN — no spaces allowed).
Constraints:
- min:
2- max:
60- pattern:
[A-Za-z0-9][A-Za-z0-9_\-]{1,59}source -> (string)
Indicates whether the value comes from the service’s own account or a cross-account policy.
Possible values:
SELFCROSS_ACCOUNTmultiRegionRpo -> (structure)
The effective multi-Region RPO value for the service, in minutes.
value -> (integer)
The RTO or RPO value in minutes.policyName -> (string)
Resource name (used in ARN — no spaces allowed).
Constraints:
- min:
2- max:
60- pattern:
[A-Za-z0-9][A-Za-z0-9_\-]{1,59}source -> (string)
Indicates whether the value comes from the service’s own account or a cross-account policy.
Possible values:
SELFCROSS_ACCOUNTmultiRegionDrApproach -> (structure)
The effective multi-Region disaster recovery approach for the service.
value -> (string)
The disaster recovery approach value.policyName -> (string)
Resource name (used in ARN — no spaces allowed).
Constraints:
- min:
2- max:
60- pattern:
[A-Za-z0-9][A-Za-z0-9_\-]{1,59}source -> (string)
Indicates whether the value comes from the service’s own account or a cross-account policy.
Possible values:
SELFCROSS_ACCOUNTdataRecoveryTimeBetweenBackups -> (structure)
The effective data recovery time between backups value for the service.
value -> (integer)
The RTO or RPO value in minutes.policyName -> (string)
Resource name (used in ARN — no spaces allowed).
Constraints:
- min:
2- max:
60- pattern:
[A-Za-z0-9][A-Za-z0-9_\-]{1,59}source -> (string)
Indicates whether the value comes from the service’s own account or a cross-account policy.
Possible values:
SELFCROSS_ACCOUNTachievability -> (structure)
The achievability status of the service’s resilience targets.
availabilitySlo -> (string)
The achievability status of the availability SLO target for the service.
Possible values:
ACHIEVABLENOT_ACHIEVABLEmultiAzRtoRpo -> (string)
The achievability status of the multi-AZ RTO and RPO targets for the service.
Possible values:
ACHIEVABLENOT_ACHIEVABLEmultiRegionRtoRpo -> (string)
The achievability status of the multi-Region RTO and RPO targets for the service.
Possible values:
ACHIEVABLENOT_ACHIEVABLEreportConfiguration -> (structure)
Configuration for automatic report generation on a Service.
reportOutputs -> (list) [required]
Output destinations for generated reports.
Constraints:
- min:
1- max:
1(tagged union structure)
Configuration for a report output destination.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:s3.s3 -> (structure)
S3 configuration for report output.
bucketPath -> (string) [required]
S3 bucket path where reports will be written (e.g., my-bucket/ngrh-reports/).
Constraints:
- min:
3- max:
512- pattern:
(s3://)?[a-z0-9][a-z0-9.-]{1,61}[a-z0-9](/.*)?bucketOwner -> (string) [required]
Account ID of the bucket owner for cross-account access verification.
Constraints:
- min:
12- max:
12- pattern:
\d{12}kmsKeyId -> (string)
KMS key identifier — accepts key ID, key ARN, alias name, or alias ARN.
Constraints:
- min:
1- max:
2048tags -> (map)
Resource tags.
Constraints:
- min:
1- max:
50key -> (string)
Tag key.
Constraints:
- min:
1- max:
128- pattern:
[^\x00-\x1f\x22]+value -> (string)
Tag value.
Constraints:
- min:
0- max:
256- pattern:
[^\x00-\x1f\x22]*estimatedAssessmentCost -> (structure)
The estimated cost of running an assessment on the service.
amount -> (double)
The cost amount for the assessment.currency -> (string)
The currency of the assessment cost.
Possible values:
USDresourceDiscovery -> (structure)
The resource discovery status for the service.
status -> (string)
The current status of resource discovery.
Possible values:
RUNNINGSUCCEEDEDFAILEDCOMPLETED_WITH_FAILURESNOT_STARTEDlastRunAt -> (timestamp)
The timestamp of the last resource discovery run.errorCode -> (string)
The error code if resource discovery failed.
Possible values:
INVALID_PERMISSIONSSTACK_NOT_FOUNDCLUSTER_NOT_FOUNDSTATE_FILE_NOT_FOUNDACCESS_DENIEDUNSUPPORTED_CLUSTERINTERNAL_ERRORerrorMessage -> (string)
A message describing the error if resource discovery failed.assessmentStatus -> (string)
The current assessment status of the service.
Possible values:
NOT_STARTEDPENDINGIN_PROGRESSFAILEDSUCCESSrerunAssessment -> (boolean)
Indicates whether the assessment should be rerun.openFindingsCount -> (integer)
The number of open findings for the service.resolvedFindingsCount -> (integer)
The number of resolved findings for the service.organizationId -> (string)
The AWS Organizations identifier for the service.
Constraints:
- min:
12- max:
34- pattern:
o-[a-z0-9]{10,32}ouId -> (string)
The organizational unit (OU) identifier for the service.
Constraints:
- min:
16- max:
68- pattern:
ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}accountId -> (string)
The AWS account ID that owns the service.
Constraints:
- min:
12- max:
12- pattern:
[0-9]{12}createdAt -> (timestamp)
The timestamp when the service was created.updatedAt -> (timestamp)
The timestamp when the service was last updated.