Table Of Contents


User Guide

First time using the AWS CLI? See the User Guide for help getting started.

Note: You are viewing the documentation for an older major version of the AWS CLI (version 1).

AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here. For more information see the AWS CLI version 2 installation instructions and migration guide.

[ aws . cloudcontrol ]



Updates the specified property values in the resource.

You specify your resource property updates as a list of patch operations contained in a JSON patch document that adheres to the ` RFC 6902 - JavaScript Object Notation (JSON) Patch`__ standard.

For details on how Cloud Control API performs resource update operations, see Updating a resource in the Amazon Web Services Cloud Control API User Guide .

After you have initiated a resource update request, you can monitor the progress of your request by calling GetResourceRequestStatus using the RequestToken of the ProgressEvent returned by UpdateResource .

For more information about the properties of a specific resource, refer to the related topic for the resource in the Resource and property types reference in the Amazon Web Services CloudFormation Users Guide .

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.


--type-name <value>
[--type-version-id <value>]
[--role-arn <value>]
[--client-token <value>]
--identifier <value>
--patch-document <value>
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]


--type-name (string)

The name of the resource type.

--type-version-id (string)

For private resource types, the type version to use in this resource operation. If you do not specify a resource version, CloudFormation uses the default version.

--role-arn (string)

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) for Cloud Control API to use when performing this resource operation. The role specified must have the permissions required for this operation. The necessary permissions for each event handler are defined in the `` handlers `` section of the resource type definition schema .

If you do not specify a role, Cloud Control API uses a temporary session created using your Amazon Web Services user credentials.

For more information, see Specifying credentials in the Amazon Web Services Cloud Control API User Guide .

--client-token (string)

A unique identifier to ensure the idempotency of the resource request. As a best practice, specify this token to ensure idempotency, so that Amazon Web Services Cloud Control API can accurately distinguish between request retries and new resource requests. You might retry a resource request to ensure that it was successfully received.

A client token is valid for 36 hours once used. After that, a resource request with the same client token is treated as a new request.

If you do not specify a client token, one is generated for inclusion in the request.

For more information, see Ensuring resource operation requests are unique in the Amazon Web Services Cloud Control API User Guide .

--identifier (string)

The identifier for the resource.

You can specify the primary identifier, or any secondary identifier defined for the resource type in its resource schema. You can only specify one identifier. Primary identifiers can be specified as a string or JSON; secondary identifiers must be specified as JSON.

For compound primary identifiers (that is, one that consists of multiple resource properties strung together), to specify the primary identifier as a string, list the property values in the order they are specified in the primary identifier definition, separated by | .

For more information, see Identifying resources in the Amazon Web Services Cloud Control API User Guide .

--patch-document (string)

A JavaScript Object Notation (JSON) document listing the patch operations that represent the updates to apply to the current resource properties. For details, see Composing the patch document in the Amazon Web Services Cloud Control API User Guide .

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.


To update the properties of an existing resource

The following update-resource example updates the retention policy of an AWS::Logs::LogGroup resource named ExampleLogGroup to 90 days.

aws cloudcontrol update-resource \
    --type-name AWS::Logs::LogGroup \
    --identifier ExampleLogGroup \
    --patch-document "[{\"op\":\"replace\",\"path\":\"/RetentionInDays\",\"value\":90}]"


    "ProgressEvent": {
        "EventTime": "2021-08-09T18:17:15.219Z",
        "TypeName": "AWS::Logs::LogGroup",
        "OperationStatus": "IN_PROGRESS",
        "Operation": "UPDATE",
        "Identifier": "ExampleLogGroup",
        "RequestToken": "5f40c577-3534-4b20-9599-0b0123456789"

For more information, see Updating a resource in the Cloud Control API User Guide.


ProgressEvent -> (structure)

Represents the current status of the resource update request.

Use the RequestToken of the ProgressEvent with GetResourceRequestStatus to return the current status of a resource operation request.

TypeName -> (string)

The name of the resource type used in the operation.

Identifier -> (string)

The primary identifier for the resource.


In some cases, the resource identifier may be available before the resource operation has reached a status of SUCCESS .

RequestToken -> (string)

The unique token representing this resource operation request.

Use the RequestToken with GetResourceRequestStatus to return the current status of a resource operation request.

Operation -> (string)

The resource operation type.

OperationStatus -> (string)

The current status of the resource operation request.

  • PENDING : The resource operation has not yet started.
  • IN_PROGRESS : The resource operation is currently in progress.
  • SUCCESS : The resource operation has successfully completed.
  • FAILED : The resource operation has failed. Refer to the error code and status message for more information.
  • CANCEL_IN_PROGRESS : The resource operation is in the process of being canceled.
  • CANCEL_COMPLETE : The resource operation has been canceled.

EventTime -> (timestamp)

When the resource operation request was initiated.

ResourceModel -> (string)

A JSON string containing the resource model, consisting of each resource property and its current value.

StatusMessage -> (string)

Any message explaining the current status.

ErrorCode -> (string)

For requests with a status of FAILED , the associated error code.

For error code definitions, see Handler error codes in the CloudFormation Command Line Interface User Guide for Extension Development .

RetryAfter -> (timestamp)

When to next request the status of this resource operation request.