Table Of Contents


User Guide

First time using the AWS CLI? See the User Guide for help getting started.

[ aws . iot ]



Updates the definition for the specified mitigation action.

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.


--action-name <value>
[--role-arn <value>]
[--action-params <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]


--action-name (string)

The friendly name for the mitigation action. You can't change the name by using UpdateMitigationAction . Instead, you must delete and re-create the mitigation action with the new name.

--role-arn (string)

The ARN of the IAM role that is used to apply the mitigation action.

--action-params (structure)

Defines the type of action and the parameters for that action.

Shorthand Syntax:


JSON Syntax:

  "updateDeviceCertificateParams": {
    "action": "DEACTIVATE"
  "updateCACertificateParams": {
    "action": "DEACTIVATE"
  "addThingsToThingGroupParams": {
    "thingGroupNames": ["string", ...],
    "overrideDynamicGroups": true|false
  "replaceDefaultPolicyVersionParams": {
    "templateName": "BLANK_POLICY"
  "enableIoTLoggingParams": {
    "roleArnForLogging": "string",
    "logLevel": "DEBUG"|"INFO"|"ERROR"|"WARN"|"DISABLED"
  "publishFindingToSnsParams": {
    "topicArn": "string"

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.


To update a mitigation action

The following update-mitigation-action example updates the specified mitigation action named AddThingsToQuarantineGroupAction, changes the thing group name, and sets overrideDynamicGroups to false. You can verify your changes by using the describe-mitigation-action command.

aws iot update-mitigation-action \
    --cli-input-json "{ \"actionName\": \"AddThingsToQuarantineGroupAction\", \"actionParams\": { \"addThingsToThingGroupParams\": {\"thingGroupNames\":[\"QuarantineGroup2\"],\"overrideDynamicGroups\": false}}}"


    "actionArn": "arn:aws:iot:us-west-2:123456789012:mitigationaction/AddThingsToQuarantineGroupAction",
    "actionId": "2fd2726d-98e1-4abf-b10f-09465ccd6bfa"

For more information, see UpdateMitigationAction (Mitigation Action Commands) in the AWS IoT Developer Guide.


actionArn -> (string)

The ARN for the new mitigation action.

actionId -> (string)

A unique identifier for the mitigation action.