***Antipattern***
Count: 8
-POST  /effective-policies?thingName=thingName Gets a list of the policies that have an effect on the authorization behavior of the specified device when it connects to the AWS IoT device gateway.
-POST  /indices/cardinality Returns the approximate count of unique values that match the query.
-POST  /indices/statistics Returns the count, average, sum, minimum, maximum, sum of squares, variance, and standard deviation for the specified aggregated field. If the aggregation field is of type String, only the count statistic is returned.
-POST  /audit/suppressions/describe Gets information about a Device Defender audit suppression.
-POST  /audit/suppressions/delete Deletes a Device Defender audit suppression.
-POST  /policy-targets/policyName?marker=marker&pageSize=pageSize List targets for the specified policy.
-POST  /audit/findings Lists the findings (results) of a Device Defender audit or of the audits performed during a specified time period. (Findings are retained for 90 days.)
-POST  /audit/suppressions/list Lists your Device Defender audit listings.

***Pattern***
Count: 142
-DELETE  /provisioning-templates/templateName Deletes a fleet provisioning template.
-POST  /keys-and-certificate?setAsActive=setAsActive Creates a 2048-bit RSA key pair and issues an X.509 certificate using the issued public key. You can also call CreateKeysAndCertificate over MQTT from a device, for more information, see Provisioning MQTT API. This is the only time AWS IoT issues the private key for this certificate, so it is important to keep it in a secure location.
-PATCH  /dimensions/name Updates the definition for a dimension. You cannot change the type of a dimension after it is created (you can delete it and re-create it).
-GET  /audit/configuration Gets information about the Device Defender audit settings for this account. Settings include how audit notifications are sent and which audit checks are enabled or disabled.
-PATCH  /audit/suppressions/update Updates a Device Defender audit suppression.
-GET  /indexing/config Gets the indexing configuration.
-PATCH  /cancel-certificate-transfer/certificateId Cancels a pending transfer for the specified certificate. Note Only the transfer source account can use this operation to cancel a transfer. (Transfer destinations can use RejectCertificateTransfer instead.) After transfer, AWS IoT returns the certificate to the source account in the INACTIVE state. After the destination account has accepted the transfer, the transfer cannot be cancelled. After a certificate transfer is cancelled, the status of the certificate changes from PENDING_TRANSFER to INACTIVE.
-POST  /dynamic-thing-groups/thingGroupName Creates a dynamic thing group.
-POST  /audit/mitigationactions/tasks/taskId Starts a task that applies a set of mitigation actions to the specified target.
-POST  /default-authorizer Sets the default authorizer. This will be used if a websocket connection is made without specifying an authorizer.
-POST  /thing-registration-tasks Creates a bulk thing provisioning task.
-POST  /policies/policyName/version?setAsDefault=setAsDefault Creates a new version of the specified AWS IoT policy. To update a policy, create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must use DeletePolicyVersion to delete an existing version before you create a new one. Optionally, you can set the new version as the policy's default version. The default version is the operative version (that is, the version that is in effect for the certificates to which the policy is attached).
-POST  /provisioning-templates/templateName/versions?setAsDefault=setAsDefault Creates a new version of a fleet provisioning template.
-GET  /domainConfigurations/domainConfigurationName Gets summary information about a domain configuration.
-POST  /loggingOptions Sets the logging options. NOTE: use of this command is not recommended. Use SetV2LoggingOptions instead.
-POST  /mitigationactions/actions/actionName Defines an action that can be applied to audit findings by using StartAuditMitigationActionsTask. Only certain types of mitigation actions can be applied to specific check names. For more information, see Mitigation actions. Each mitigation action can apply only one type of change.
-GET  /things/thingName/jobs?maxResults=maxResults&namespaceId=namespaceId&nextToken=nextToken&status=status Lists the job executions for the specified thing.
-GET  /domainConfigurations?marker=marker&pageSize=pageSize&serviceType=serviceType Gets a list of domain configurations for the user. This list is sorted alphabetically by domain configuration name.
-POST  /audit/suppressions/create Creates a Device Defender audit suppression.
-DELETE  /things/thingName/principals Detaches the specified principal from the specified thing. A principal can be X.509 certificates, IAM users, groups, and roles, Amazon Cognito identities or federated identities. This call is asynchronous. It might take several seconds for the detachment to propagate.
-GET  /billing-groups?maxResults=maxResults&namePrefixFilter=namePrefixFilter&nextToken=nextToken Lists the billing groups you have created.
-POST  /streams/streamId Creates a stream for delivering one or more large files in chunks over MQTT. A stream transports data bytes in chunks or blocks packaged as MQTT messages from a source like S3. You can have one or more files associated with a stream.
-POST  /certificates?setAsActive=setAsActive Creates an X.509 certificate using the specified certificate signing request. The CSR must include a public key that is either an RSA key with a length of at least 2048 bits or an ECC key from NIST P-256 or NIST P-384 curves. Reusing the same certificate signing request (CSR) results in a distinct certificate. You can create multiple certificates in a batch by creating a directory, copying multiple .csr files into that directory, and then specifying that directory on the command line. The following commands show how to create a batch of certificates given a batch of CSRs.
-GET  /thing-registration-tasks/taskId/reports?maxResults=maxResults&nextToken=nextToken&reportType=reportType Information about the thing registration tasks.
-PATCH  /transfer-certificate/certificateId?targetAwsAccount=targetAwsAccount Transfers the specified certificate to the specified AWS account. You can cancel the transfer until it is acknowledged by the recipient. No notification is sent to the transfer destination's account. It is up to the caller to notify the transfer target. The certificate being transferred must not be in the ACTIVE state. You can use the UpdateCertificate API to deactivate it. The certificate must not have any policies attached to it. You can use the DetachPrincipalPolicy API to detach them.
-GET  /cacertificates?isAscendingOrder=ascendingOrder&marker=marker&pageSize=pageSize Lists the CA certificates registered for your AWS account. The results are paginated with a default page size of 25. You can use the returned marker to retrieve additional results.
-DELETE  /policies/policyName Deletes the specified policy. A policy cannot be deleted if it has non-default versions or it is attached to any certificate. To delete a policy, use the DeletePolicyVersion API to delete all non-default versions of the policy; use the DetachPrincipalPolicy API to detach the policy from any certificate; and then use the DeletePolicy API to delete the policy. When a policy is deleted using DeletePolicy, its default version is deleted with it.
-PUT  /target-policies/policyName Attaches a policy to the specified target.
-GET  /violation-events?endTime=endTime&maxResults=maxResults&nextToken=nextToken&securityProfileName=securityProfileName&startTime=startTime&thingName=thingName Lists the Device Defender security profile violations discovered during the given time period. You can use filters to limit the results to those alerts issued for a particular security profile, behavior, or thing (device).
-POST  /security-profile-behaviors/validate Validates a Device Defender security profile behaviors specification.
-POST  /target-policies/policyName Detaches a policy from the specified target.
-POST  /policies/policyName Creates an AWS IoT policy. The created policy is the default version for the policy. This operation creates a policy version with a version identifier of 1 and sets 1 as the policy's default version.
-PUT  /principal-policies/policyName Attaches the specified policy to the specified principal (certificate or other credential).
-GET  /loggingOptions Gets the logging options. NOTE: use of this command is not recommended. Use GetV2LoggingOptions instead.
-PATCH  /destinations Updates a topic rule destination. You use this to change the status, endpoint URL, or confirmation URL of the destination.
-POST  /billing-groups/billingGroupName Creates a billing group.
-GET  /jobs/jobId/things?maxResults=maxResults&nextToken=nextToken&status=status Lists the job executions for a job.
-PUT  /thing-groups/updateThingGroupsForThing Updates the groups to which the thing belongs.
-GET  /audit/mitigationactions/tasks/taskId Gets information about an audit mitigation task that is used to apply mitigation actions to a set of audit findings. Properties include the actions being applied, the audit checks to which they're being applied, the task status, and aggregated task statistics.
-GET  /dimensions?maxResults=maxResults&nextToken=nextToken List the set of dimensions that are defined for your AWS account.
-GET  /audit/findings/findingId Gets information about a single audit finding. Properties include the reason for noncompliance, the severity of the issue, and when the audit that returned the finding was started.
-GET  /security-profiles-for-target?maxResults=maxResults&nextToken=nextToken&recursive=recursive&securityProfileTargetArn=securityProfileTargetArn Lists the Device Defender security profiles attached to a target (thing group).
-GET  /thing-registration-tasks?maxResults=maxResults&nextToken=nextToken&status=status List bulk thing provisioning tasks.
-PATCH  /thing-groups/thingGroupName Update a thing group.
-GET  /provisioning-templates?maxResults=maxResults&nextToken=nextToken Lists the fleet provisioning templates in your AWS account.
-GET  /role-aliases/roleAlias Describes a role alias.
-GET  /rules?maxResults=maxResults&nextToken=nextToken&ruleDisabled=ruleDisabled&topic=topic Lists the rules for the specific topic.
-GET  /principal-policies?isAscendingOrder=ascendingOrder&marker=marker&pageSize=pageSize Lists the policies attached to the specified principal. If you use an Cognito identity, the ID must be in AmazonCognito Identity format.
-GET  /rules/ruleName Gets information about the rule.
-GET  /role-aliases?isAscendingOrder=ascendingOrder&marker=marker&pageSize=pageSize Lists the role aliases registered in your account.
-GET  /endpoint?endpointType=endpointType Returns a unique endpoint specific to the AWS account making the call.
-GET  /v2LoggingLevel?maxResults=maxResults&nextToken=nextToken&targetType=targetType Lists logging levels.
-PATCH  /audit/scheduledaudits/scheduledAuditName Updates a scheduled audit, including which checks are performed and how often the audit takes place.
-GET  /policy-principals?isAscendingOrder=ascendingOrder&marker=marker&pageSize=pageSize Lists the principals associated with the specified policy.
-GET  /thing-types/thingTypeName Gets information about the specified thing type.
-DELETE  /jobs/jobId?force=force&namespaceId=namespaceId Deletes a job and its related job executions. Deleting a job may take time, depending on the number of job executions created for the job and various other factors. While the job is being deleted, the status of the job will be shown as "DELETION_IN_PROGRESS". Attempting to delete or cancel a job whose status is already "DELETION_IN_PROGRESS" will result in an error. Only 10 jobs may have status "DELETION_IN_PROGRESS" at the same time, or a LimitExceededException will occur.
-GET  /event-configurations Describes event configurations.
-GET  /jobs/jobId/job-document Gets a job document.
-PATCH  /accept-certificate-transfer/certificateId?setAsActive=setAsActive Accepts a pending certificate transfer. The default state of the certificate is INACTIVE. To check for pending certificate transfers, call ListCertificates to enumerate your certificates.
-POST  /things/thingName Creates a thing record in the registry. If this call is made multiple times using the same thing name and configuration, the call will succeed. If this call is made with the same thing name but different configuration a ResourceAlreadyExistsException is thrown.
-PATCH  /security-profiles/securityProfileName?expectedVersion=expectedVersion Updates a Device Defender security profile.
-DELETE  /policies/policyName/version/policyVersionId Deletes the specified version of the specified policy. You cannot delete the default version of a policy using this API. To delete the default version of a policy, use DeletePolicy. To find out which version of a policy is marked as the default version, use ListPolicyVersions.
-GET  /tags?nextToken=nextToken&resourceArn=resourceArn Lists the tags (metadata) you have assigned to the resource.
-POST  /destinations Creates a topic rule destination. The destination must be confirmed prior to use.
-GET  /streams?isAscendingOrder=ascendingOrder&maxResults=maxResults&nextToken=nextToken Lists all of the streams in your AWS account.
-GET  /certificates-out-going?isAscendingOrder=ascendingOrder&marker=marker&pageSize=pageSize Lists certificates that are being transferred but not yet accepted.
-PATCH  /policies/policyName/version/policyVersionId Sets the specified version of the specified policy as the policy's default (operative) version. This action affects all certificates to which the policy is attached. To list the principals the policy is attached to, use the ListPrincipalPolicy API.
-GET  /things?attributeName=attributeName&attributeValue=attributeValue&maxResults=maxResults&nextToken=nextToken&thingTypeName=thingTypeName Lists your things. Use the attributeName and attributeValue parameters to filter your things. For example, calling ListThings with attributeName=Color and attributeValue=Red retrieves all things in the registry that contain an attribute Color with the value Red.
-POST  /indices/percentiles Groups the aggregated values that match the query into percentile groupings. The default percentile groupings are: 1,5,25,50,75,95,99, although you can specify your own when you call GetPercentiles. This function returns a value for each percentile group specified (or the default percentile groupings). The percentile group "1" contains the aggregated field value that occurs in approximately one percent of the values that match the query. The percentile group "5" contains the aggregated field value that occurs in approximately five percent of the values that match the query, and so on. The result is an approximation, the more values that match the query, the more accurate the percentile values.
-GET  /things/thingName/principals?maxResults=maxResults&nextToken=nextToken Lists the principals associated with the specified thing. A principal can be X.509 certificates, IAM users, groups, and roles, Amazon Cognito identities or federated identities.
-PUT  /jobs/jobId/cancel?force=force Cancels a job.
-PATCH  /billing-groups/billingGroupName Updates information about the billing group.
-GET  /certificates-by-ca/caCertificateId?isAscendingOrder=ascendingOrder&marker=marker&pageSize=pageSize List the device certificates signed by the specified CA certificate.
-GET  /default-authorizer Describes the default authorizer.
-PUT  /streams/streamId Updates an existing stream. The stream version will be incremented by one.
-GET  /mitigationactions/actions?actionType=actionType&maxResults=maxResults&nextToken=nextToken Gets a list of all mitigation actions that match the specified filter criteria.
-GET  /security-profiles/securityProfileName Gets information about a Device Defender security profile.
-PATCH  /provisioning-templates/templateName Updates a fleet provisioning template.
-PUT  /role-aliases/roleAlias Updates a role alias.
-DELETE  /certificates/certificateId?forceDelete=forceDelete Deletes the specified certificate. A certificate cannot be deleted if it has a policy or IoT thing attached to it or if its status is set to ACTIVE. To delete a certificate, first use the DetachPrincipalPolicy API to detach all policies. Next, use the UpdateCertificate API to set the certificate to the INACTIVE status.
-POST  /dimensions/name Create a dimension that you can use to limit the scope of a metric used in a security profile for AWS IoT Device Defender. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric only to MQTT topics whose name match the pattern specified in the dimension.
-PATCH  /things/thingName Updates the data for a thing.
-GET  /audit/scheduledaudits?maxResults=maxResults&nextToken=nextToken Lists all of your scheduled audits.
-GET  /thing-groups?maxResults=maxResults&namePrefixFilter=namePrefixFilter&nextToken=nextToken&parentGroup=parentGroup&recursive=recursive List the thing groups in your account.
-GET  /provisioning-templates/templateName Returns information about a fleet provisioning template.
-PATCH  /audit/configuration Configures or reconfigures the Device Defender audit settings for this account. Settings include how audit notifications are sent and which audit checks are enabled or disabled.
-GET  /certificates?isAscendingOrder=ascendingOrder&marker=marker&pageSize=pageSize Lists the certificates registered in your AWS account. The results are paginated with a default page size of 25. You can use the returned marker to retrieve additional results.
-DELETE  /audit/configuration?deleteScheduledAudits=deleteScheduledAudits Restores the default settings for Device Defender audits for this account. Any configuration data you entered is deleted and all audit checks are reset to disabled.
-POST  /test-authorization?clientId=clientId Tests if a specified principal is authorized to perform an AWS IoT action on a specified resource. Use this to test and debug the authorization behavior of devices that connect to the AWS IoT device gateway.
-GET  /authorizers/?isAscendingOrder=ascendingOrder&marker=marker&pageSize=pageSize&status=status Lists the authorizers registered in your account.
-POST  /rules/ruleName/disable Disables the rule.
-GET  /policies/policyName Gets information about the specified policy with the policy document of the default version.
-GET  /thing-registration-tasks/taskId Describes a bulk thing provisioning task.
-PUT  /things/thingName/principals Attaches the specified principal to the specified thing. A principal can be X.509 certificates, IAM users, groups, and roles, Amazon Cognito identities or federated identities.
-POST  /cacertificate?allowAutoRegistration=allowAutoRegistration&setAsActive=setAsActive Registers a CA certificate with AWS IoT. This CA certificate can then be used to sign device certificates, which can be then registered with AWS IoT. You can register up to 10 CA certificates per AWS account that have the same subject field. This enables you to have up to 10 certificate authorities sign your device certificates. If you have more than one CA certificate registered, make sure you pass the CA certificate when you register your device certificates with the RegisterCertificate API.
-PUT  /thing-groups/removeThingFromThingGroup Remove the specified thing from the specified group. You must specify either a thingGroupArn or a thingGroupName to identify the thing group and either a thingArn or a thingName to identify the thing to remove from the thing group.
-GET  /active-violations?maxResults=maxResults&nextToken=nextToken&securityProfileName=securityProfileName&thingName=thingName Lists the active violations for a given Device Defender security profile.
-GET  /policies/policyName/version/policyVersionId Gets information about the specified policy version.
-GET  /things/thingName/thing-groups?maxResults=maxResults&nextToken=nextToken List the thing groups to which the specified thing belongs.
-POST  /tags Adds to or modifies the tags of the given resource. Tags are metadata which can be used to manage a resource.
-GET  /policies/policyName/version Lists the versions of the specified policy and identifies the default version.
-GET  /confirmdestination/confirmationToken+ Confirms a topic rule destination. When you create a rule requiring a destination, AWS IoT sends a confirmation message to the endpoint or base address you specify. The message includes a token which you pass back when calling ConfirmTopicRuleDestination to confirm that you own or have access to the endpoint.
-GET  /v2LoggingOptions Gets the fine grained logging options.
-POST  /authorizer/authorizerName/test Tests a custom authorization behavior by invoking a specified custom authorizer. Use this to test and debug the custom authorization behavior of devices that connect to the AWS IoT device gateway.
-GET  /security-profiles/securityProfileName/targets?maxResults=maxResults&nextToken=nextToken Lists the targets (thing groups) associated with a given Device Defender security profile.
-POST  /audit/tasks Starts an on-demand Device Defender audit.
-GET  /destinations?maxResults=maxResults&nextToken=nextToken Lists all the topic rule destinations in your AWS account.
-POST  /jobs/jobId/targets?namespaceId=namespaceId Associates a group with a continuous job. The following criteria must be met: The job must have been created with the targetSelection field set to "CONTINUOUS". The job status must currently be "IN_PROGRESS". The total number of targets associated with a job must not exceed 100.
-PUT  /certificates/certificateId?newStatus=newStatus Updates the status of the specified certificate. This operation is idempotent. Certificates must be in the ACTIVE state to authenticate devices that use a certificate to connect to AWS IoT. Within a few minutes of updating a certificate from the ACTIVE state to any other state, AWS IoT disconnects all devices that used that certificate to connect. Devices cannot use a certificate that is not in the ACTIVE state to reconnect.
-POST  /rules/ruleName/enable Enables the rule.
-PUT  /domainConfigurations/domainConfigurationName Updates values stored in the domain configuration. Domain configurations for default endpoints can't be updated.
-PUT  /thing-groups/addThingToThingGroup Adds a thing to a thing group.
-GET  /billing-groups/billingGroupName/things?maxResults=maxResults&nextToken=nextToken Lists the things you have added to the given billing group.
-DELETE  /default-authorizer Clears the default authorizer.
-GET  /thing-types?maxResults=maxResults&nextToken=nextToken&thingTypeName=thingTypeName Lists the existing thing types.
-GET  /provisioning-templates/templateName/versions?maxResults=maxResults&nextToken=nextToken A list of fleet provisioning template versions.
-POST  /rules/ruleName Creates a rule. Creating rules is an administrator-level action. Any user who has permission to create rules will be able to access data processed by the rule.
-GET  /indices?maxResults=maxResults&nextToken=nextToken Lists the search indices.
-GET  /audit/tasks?endTime=endTime&maxResults=maxResults&nextToken=nextToken&startTime=startTime&taskStatus=taskStatus&taskType=taskType Lists the Device Defender audits that have been performed during a given time period.
-PUT  /things/thingName/jobs/jobId/cancel?force=force Cancels the execution of a job for a given thing.
-GET  /audit/tasks/taskId Gets information about a Device Defender audit.
-GET  /policies?isAscendingOrder=ascendingOrder&marker=marker&pageSize=pageSize Lists your policies.
-DELETE  /thing-types/thingTypeName Deletes the specified thing type. You cannot delete a thing type if it has things associated with it. To delete a thing type, first mark it as deprecated by calling DeprecateThingType, then remove any associated things by calling UpdateThing to change the thing type on any associated thing, and finally use DeleteThingType to delete the thing type.
-GET  /jobs?maxResults=maxResults&namespaceId=namespaceId&nextToken=nextToken&status=status&targetSelection=targetSelection&thingGroupId=thingGroupId&thingGroupName=thingGroupName Lists jobs.
-PATCH  /jobs/jobId?namespaceId=namespaceId Updates supported fields of the specified job.
-DELETE  /security-profiles/securityProfileName/targets?securityProfileTargetArn=securityProfileTargetArn Disassociates a Device Defender security profile from a thing group or from this account.
-DELETE  /things/thingName?expectedVersion=expectedVersion Deletes the specified thing. Returns successfully with no error if the deletion is successful or you specify a thing that doesn't exist.
-PUT  /audit/tasks/taskId/cancel Cancels an audit that is in progress. The audit can be either scheduled or on-demand. If the audit is not in progress, an "InvalidRequestException" occurs.
-DELETE  /provisioning-templates/templateName/versions/versionId Deletes a fleet provisioning template version.
-PUT  /audit/mitigationactions/tasks/taskId/cancel Cancels a mitigation action task that is in progress. If the task is not in progress, an InvalidRequestException occurs.
-PUT  /security-profiles/securityProfileName/targets?securityProfileTargetArn=securityProfileTargetArn Associates a Device Defender security profile with a thing group or this account. Each thing group or account can have up to five security profiles associated with it.
-GET  /thing-groups/thingGroupName/things?maxResults=maxResults&nextToken=nextToken&recursive=recursive Lists the things in the specified group.
-POST  /indices/search The query search index.
-PUT  /authorizer/authorizerName Updates an authorizer.
-GET  /thing-groups/thingGroupName Describe a thing group.
-PATCH  /dynamic-thing-groups/thingGroupName Updates a dynamic thing group.
-POST  /indexing/config Updates the search configuration.
-GET  /provisioning-templates/templateName/versions/versionId Returns information about a fleet provisioning template version.
-PATCH  /rules/ruleName Replaces the rule. You must specify all parameters for the new rule. Creating rules is an administrator-level action. Any user who has permission to create rules will be able to access data processed by the rule.
-GET  /principals/things?maxResults=maxResults&nextToken=nextToken Lists the things associated with the specified principal. A principal can be X.509 certificates, IAM users, groups, and roles, Amazon Cognito identities or federated identities.
-PUT  /billing-groups/addThingToBillingGroup Adds a thing to a billing group.
-GET  /security-profiles?dimensionName=dimensionName&maxResults=maxResults&nextToken=nextToken Lists the Device Defender security profiles you have created. You can use filters to list only those security profiles associated with a thing group or only those associated with your account.
