L1 ConstructAWS::AIOps::InvestigationGroup

CfnInvestigationGroup

Creates an *investigation group* in your account. Creating an investigation group is a one-time setup task for each Region in your account. It is a necessary task to be able to perform investigations. Settings in the investigation group help you centrally manage the common properties of your investigations, such as the following: - Who can access the investigations - Whether investigation data is encrypted with a customer managed AWS Key Management Service key. - How long investigations and their data are retained by default. Currently, you can have one investigation group in each Region in your account. Each investigation in a Region is a part of the investigation group in that Region To create an investigation group and set up CloudWatch investigations, you must be signed in to an IAM principal that has either the `AIOpsConsoleAdminPolicy` or the `AdministratorAccess` IAM policy attached, or to an account that has similar permissions. > You can configure CloudWatch alarms to start investigations and add events to investigations. If you create your investigation group with `CreateInvestigationGroup` and you want to enable alarms to do this, you must use `PutInvestigationGroupPolicy` to create a resource policy that grants this permission to CloudWatch alarms. > > For more information about configuring CloudWatch alarms, see [Using Amazon CloudWatch alarms](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html)

Import

import { CfnInvestigationGroup } from 'aws-cdk-lib/aws-aiops';

Or use the module namespace:

import * as aiops from 'aws-cdk-lib/aws-aiops';
// aiops.CfnInvestigationGroup

Properties

Configuration passed to the constructor as CfnInvestigationGroupProps.

nameRequired

string

Specify either the name or the ARN of the investigation group that you want to view. This is used to set the name of the investigation group.

chatbotNotificationChannelsOptional

IResolvable | IResolvable | ChatbotNotificationChannelProperty[]

Use this property to integrate CloudWatch investigations with chat applications. This property is an array. For the first string, specify the ARN of an Amazon topic. For the array of strings, specify the ARNs of one or more chat applications configurations that you want to associate with that topic. For more information about these configuration ARNs, see [Getting started with Amazon Q in chat applications](https://docs.aws.amazon.com/chatbot/latest/adminguide/getting-started.html) and [Resource type defined by AWS Chatbot](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awschatbot.html#awschatbot-resources-for-iam-policies) .

crossAccountConfigurationsOptional

IResolvable | IResolvable | CrossAccountConfigurationProperty[]

List of `sourceRoleArn` values that have been configured for cross-account access.

encryptionConfigOptional

IResolvable | EncryptionConfigMapProperty

Specifies the customer managed AWS key that the investigation group uses to encrypt data, if there is one. If not, the investigation group uses an AWS key to encrypt the data.

investigationGroupPolicyOptional

string

Returns the JSON of the IAM resource policy associated with the specified investigation group in a string. For example, `{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"aiops.alarms.cloudwatch.amazonaws.com\"},\"Action\":[\"aiops:CreateInvestigation\",\"aiops:CreateInvestigationEvent\"],\"Resource\":\"*\",\"Condition\":{\"StringEquals\":{\"aws:SourceAccount\":\"111122223333\"},\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:cloudwatch:us-east-1:111122223333:alarm:*\"}}}]}` .

isCloudTrailEventHistoryEnabledOptional

boolean | IResolvable

Specify `true` to enable CloudWatch investigations to have access to change events that are recorded by CloudTrail. The default is `true` .

retentionInDaysOptional

number

Specifies how long that investigation data is kept.

roleArnOptional

string

The ARN of the IAM role that the investigation group uses for permissions to gather data.

tagKeyBoundariesOptional

string[]

Displays the custom tag keys for custom applications in your system that you have specified in the investigation group. Resource tags help CloudWatch investigations narrow the search space when it is unable to discover definite relationships between resources.

tagsOptional

CfnTag[]

The list of key-value pairs to associate with the resource.

CloudFormation Resource

This L1 construct maps directly to the following CloudFormation resource type.

AWS::AIOps::InvestigationGroupView in CloudFormation Explorer

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

LevelL1 (CloudFormation)

Moduleaws-aiops

CFN TypeAWS::AIOps::InvestigationGroup

Properties10

Explore This Service

External Links

CDK API Documentation