:doc:`CloudWatchObservabilityAdminService <../../observabilityadmin>` / Client / create_telemetry_rule_for_organization

**************************************
create_telemetry_rule_for_organization
**************************************



.. py:method:: CloudWatchObservabilityAdminService.Client.create_telemetry_rule_for_organization(**kwargs)

  

  Creates a telemetry rule that applies across an Amazon Web Services Organization. This operation can only be called by the organization's management account or a delegated administrator account.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/observabilityadmin-2018-05-10/CreateTelemetryRuleForOrganization>`_  


  **Request Syntax**
  ::

    response = client.create_telemetry_rule_for_organization(
        RuleName='string',
        Rule={
            'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter',
            'TelemetryType': 'Logs'|'Metrics'|'Traces',
            'TelemetrySourceTypes': [
                'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
            ],
            'DestinationConfiguration': {
                'DestinationType': 'cloud-watch-logs',
                'DestinationPattern': 'string',
                'RetentionInDays': 123,
                'VPCFlowLogParameters': {
                    'LogFormat': 'string',
                    'TrafficType': 'string',
                    'MaxAggregationInterval': 123
                },
                'CloudtrailParameters': {
                    'AdvancedEventSelectors': [
                        {
                            'Name': 'string',
                            'FieldSelectors': [
                                {
                                    'Field': 'string',
                                    'Equals': [
                                        'string',
                                    ],
                                    'StartsWith': [
                                        'string',
                                    ],
                                    'EndsWith': [
                                        'string',
                                    ],
                                    'NotEquals': [
                                        'string',
                                    ],
                                    'NotStartsWith': [
                                        'string',
                                    ],
                                    'NotEndsWith': [
                                        'string',
                                    ]
                                },
                            ]
                        },
                    ]
                },
                'ELBLoadBalancerLoggingParameters': {
                    'OutputFormat': 'plain'|'json',
                    'FieldDelimiter': 'string'
                },
                'WAFLoggingParameters': {
                    'RedactedFields': [
                        {
                            'SingleHeader': {
                                'Name': 'string'
                            },
                            'UriPath': 'string',
                            'QueryString': 'string',
                            'Method': 'string'
                        },
                    ],
                    'LoggingFilter': {
                        'Filters': [
                            {
                                'Behavior': 'KEEP'|'DROP',
                                'Requirement': 'MEETS_ALL'|'MEETS_ANY',
                                'Conditions': [
                                    {
                                        'ActionCondition': {
                                            'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
                                        },
                                        'LabelNameCondition': {
                                            'LabelName': 'string'
                                        }
                                    },
                                ]
                            },
                        ],
                        'DefaultBehavior': 'KEEP'|'DROP'
                    },
                    'LogType': 'WAF_LOGS'
                },
                'LogDeliveryParameters': {
                    'LogTypes': [
                        'APPLICATION_LOGS'|'USAGE_LOGS',
                    ]
                }
            },
            'Scope': 'string',
            'SelectionCriteria': 'string'
        },
        Tags={
            'string': 'string'
        }
    )
    
  :type RuleName: string
  :param RuleName: **[REQUIRED]** 

    A unique name for the organization-wide telemetry rule being created.

    

  
  :type Rule: dict
  :param Rule: **[REQUIRED]** 

    The configuration details for the organization-wide telemetry rule, including the resource type, telemetry type, destination configuration, and selection criteria for which resources the rule applies to across the organization.

    

  
    - **ResourceType** *(string) --* 

      The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").

      

    
    - **TelemetryType** *(string) --* **[REQUIRED]** 

      The type of telemetry to collect (Logs, Metrics, or Traces).

      

    
    - **TelemetrySourceTypes** *(list) --* 

      The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.

      

    
      - *(string) --* 

        Specifies the type of telemetry source for a resource, such as EKS cluster logs.

        

      
  
    - **DestinationConfiguration** *(dict) --* 

      Configuration specifying where and how the telemetry data should be delivered.

      

    
      - **DestinationType** *(string) --* 

        The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").

        

      
      - **DestinationPattern** *(string) --* 

        The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.

        

      
      - **RetentionInDays** *(integer) --* 

        The number of days to retain the telemetry data in the destination.

        

      
      - **VPCFlowLogParameters** *(dict) --* 

        Configuration parameters specific to VPC Flow Logs when VPC is the resource type.

        

      
        - **LogFormat** *(string) --* 

          The format in which VPC Flow Log entries should be logged.

          

        
        - **TrafficType** *(string) --* 

          The type of traffic to log (ACCEPT, REJECT, or ALL).

          

        
        - **MaxAggregationInterval** *(integer) --* 

          The maximum interval in seconds between the capture of flow log records.

          

        
      
      - **CloudtrailParameters** *(dict) --* 

        Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.

        

      
        - **AdvancedEventSelectors** *(list) --* **[REQUIRED]** 

          The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.

          

        
          - *(dict) --* 

            Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.

            

          
            - **Name** *(string) --* 

              An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".

              

            
            - **FieldSelectors** *(list) --* **[REQUIRED]** 

              Contains all selector statements in an advanced event selector.

              

            
              - *(dict) --* 

                Defines criteria for selecting resources based on field values.

                

              
                - **Field** *(string) --* **[REQUIRED]** 

                  The name of the field to use for selection.

                  

                
                - **Equals** *(list) --* 

                  Matches if the field value equals the specified value.

                  

                
                  - *(string) --* 

                  
              
                - **StartsWith** *(list) --* 

                  Matches if the field value starts with the specified value.

                  

                
                  - *(string) --* 

                  
              
                - **EndsWith** *(list) --* 

                  Matches if the field value ends with the specified value.

                  

                
                  - *(string) --* 

                  
              
                - **NotEquals** *(list) --* 

                  Matches if the field value does not equal the specified value.

                  

                
                  - *(string) --* 

                  
              
                - **NotStartsWith** *(list) --* 

                  Matches if the field value does not start with the specified value.

                  

                
                  - *(string) --* 

                  
              
                - **NotEndsWith** *(list) --* 

                  Matches if the field value does not end with the specified value.

                  

                
                  - *(string) --* 

                  
              
              
          
          
      
      
      - **ELBLoadBalancerLoggingParameters** *(dict) --* 

        Configuration parameters specific to ELB load balancer logging when ELB is the resource type.

        

      
        - **OutputFormat** *(string) --* 

          The format for ELB access log entries (plain text or JSON format).

          

        
        - **FieldDelimiter** *(string) --* 

          The delimiter character used to separate fields in ELB access log entries when using plain text format.

          

        
      
      - **WAFLoggingParameters** *(dict) --* 

        Configuration parameters specific to WAF logging when WAF is the resource type.

        

      
        - **RedactedFields** *(list) --* 

          The fields to redact from WAF logs to protect sensitive information.

          

        
          - *(dict) --* 

            Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.

            

          
            - **SingleHeader** *(dict) --* 

              Redacts a specific header field by name from WAF logs.

              

            
              - **Name** *(string) --* 

                The name value, limited to 64 characters.

                

              
            
            - **UriPath** *(string) --* 

              Redacts the URI path from WAF logs.

              

            
            - **QueryString** *(string) --* 

              Redacts the entire query string from WAF logs.

              

            
            - **Method** *(string) --* 

              Redacts the HTTP method from WAF logs.

              

            
          
      
        - **LoggingFilter** *(dict) --* 

          A filter configuration that determines which WAF log records to include or exclude.

          

        
          - **Filters** *(list) --* 

            A list of filter conditions that determine log record handling behavior.

            

          
            - *(dict) --* 

              A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.

              

            
              - **Behavior** *(string) --* 

                The action to take for log records matching this filter (KEEP or DROP).

                

              
              - **Requirement** *(string) --* 

                Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.

                

              
              - **Conditions** *(list) --* 

                The list of conditions that determine if a log record matches this filter.

                

              
                - *(dict) --* 

                  A single condition that can match based on WAF rule action or label name.

                  

                
                  - **ActionCondition** *(dict) --* 

                    Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).

                    

                  
                    - **Action** *(string) --* 

                      The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).

                      

                    
                  
                  - **LabelNameCondition** *(dict) --* 

                    Matches log records based on WAF rule labels applied to the request.

                    

                  
                    - **LabelName** *(string) --* 

                      The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.

                      

                    
                  
                
            
            
        
          - **DefaultBehavior** *(string) --* 

            The default action (KEEP or DROP) for log records that don't match any filter conditions.

            

          
        
        - **LogType** *(string) --* 

          The type of WAF logs to collect (currently supports WAF_LOGS).

          

        
      
      - **LogDeliveryParameters** *(dict) --* 

        Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.

        

      
        - **LogTypes** *(list) --* 

          The type of log that the source is sending.

          

        
          - *(string) --* 

          
      
      
    
    - **Scope** *(string) --* 

      The organizational scope to which the rule applies, specified using accounts or organizational units.

      

    
    - **SelectionCriteria** *(string) --* 

      Criteria for selecting which resources the rule applies to, such as resource tags.

      

    
  
  :type Tags: dict
  :param Tags: 

    The key-value pairs to associate with the organization telemetry rule resource for categorization and management purposes.

    

  
    - *(string) --* 

    
      - *(string) --* 

      


  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'RuleArn': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **RuleArn** *(string) --* 

        The Amazon Resource Name (ARN) of the created organization telemetry rule.

        
  
  **Exceptions**
  
  *   :py:class:`CloudWatchObservabilityAdminService.Client.exceptions.ServiceQuotaExceededException`

  
  *   :py:class:`CloudWatchObservabilityAdminService.Client.exceptions.ConflictException`

  
  *   :py:class:`CloudWatchObservabilityAdminService.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`CloudWatchObservabilityAdminService.Client.exceptions.InternalServerException`

  
  *   :py:class:`CloudWatchObservabilityAdminService.Client.exceptions.ValidationException`

  
  *   :py:class:`CloudWatchObservabilityAdminService.Client.exceptions.TooManyRequestsException`

  