Package software.amazon.awscdk.services.iot

Interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Jsii$Proxy

Enclosing class:

CfnAccountAuditConfiguration

@Stability(Stable)
public static interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty
extends software.amazon.jsii.JsiiSerializable

The types of audit checks that can be performed.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.iot.*;
 AuditCheckConfigurationsProperty auditCheckConfigurationsProperty = AuditCheckConfigurationsProperty.builder()
         .authenticatedCognitoRoleOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .caCertificateExpiringCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .caCertificateKeyQualityCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .conflictingClientIdsCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .deviceCertificateAgeCheck(DeviceCertAgeAuditCheckConfigurationProperty.builder()
                 .configuration(CertAgeCheckCustomConfigurationProperty.builder()
                         .certAgeThresholdInDays("certAgeThresholdInDays")
                         .build())
                 .enabled(false)
                 .build())
         .deviceCertificateExpiringCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .deviceCertificateKeyQualityCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .deviceCertificateSharedCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .intermediateCaRevokedForActiveDeviceCertificatesCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .iotPolicyOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .ioTPolicyPotentialMisConfigurationCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .iotRoleAliasAllowsAccessToUnusedServicesCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .iotRoleAliasOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .loggingDisabledCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .revokedCaCertificateStillActiveCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .revokedDeviceCertificateStillActiveCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .unauthenticatedCognitoRoleOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .build();
 

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder	A builder for CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty
static final class	CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Jsii$Proxy	An implementation for CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Method Summary

Modifier and Type	Method	Description
static CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder	builder()
default Object	getAuthenticatedCognitoRoleOverlyPermissiveCheck()	Checks the permissiveness of an authenticated Amazon Cognito identity pool role.
default Object	getCaCertificateExpiringCheck()	Checks if a CA certificate is expiring.
default Object	getCaCertificateKeyQualityCheck()	Checks the quality of the CA certificate key.
default Object	getConflictingClientIdsCheck()	Checks if multiple devices connect using the same client ID.
default Object	getDeviceCertificateAgeCheck()	Checks when a device certificate has been active for a number of days greater than or equal to the number you specify.
default Object	getDeviceCertificateExpiringCheck()	Checks if a device certificate is expiring.
default Object	getDeviceCertificateKeyQualityCheck()	Checks the quality of the device certificate key.
default Object	getDeviceCertificateSharedCheck()	Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .
default Object	getIntermediateCaRevokedForActiveDeviceCertificatesCheck()	Checks if device certificates are still active despite being revoked by an intermediate CA.
default Object	getIotPolicyOverlyPermissiveCheck()	Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
default Object	getIoTPolicyPotentialMisConfigurationCheck()	Checks if an AWS IoT policy is potentially misconfigured.
default Object	getIotRoleAliasAllowsAccessToUnusedServicesCheck()	Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
default Object	getIotRoleAliasOverlyPermissiveCheck()	Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
default Object	getLoggingDisabledCheck()	Checks if AWS IoT logs are disabled.
default Object	getRevokedCaCertificateStillActiveCheck()	Checks if a revoked CA certificate is still active.
default Object	getRevokedDeviceCertificateStillActiveCheck()	Checks if a revoked device certificate is still active.
default Object	getUnauthenticatedCognitoRoleOverlyPermissiveCheck()	Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getAuthenticatedCognitoRoleOverlyPermissiveCheck

@Stability(Stable)
@Nullable
default Object getAuthenticatedCognitoRoleOverlyPermissiveCheck()

Checks the permissiveness of an authenticated Amazon Cognito identity pool role.

For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.

Returns union: either IResolvable or CfnAccountAuditConfiguration.AuditCheckConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-authenticatedcognitoroleoverlypermissivecheck

getCaCertificateExpiringCheck

@Stability(Stable)
@Nullable
default Object getCaCertificateExpiringCheck()

Checks if a CA certificate is expiring.

This check applies to CA certificates expiring within 30 days or that have expired.

Returns union: either IResolvable or CfnAccountAuditConfiguration.AuditCheckConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-cacertificateexpiringcheck

getCaCertificateKeyQualityCheck

@Stability(Stable)
@Nullable
default Object getCaCertificateKeyQualityCheck()

Checks the quality of the CA certificate key.

The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER .

Returns union: either IResolvable or CfnAccountAuditConfiguration.AuditCheckConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-cacertificatekeyqualitycheck

getConflictingClientIdsCheck

@Stability(Stable)
@Nullable
default Object getConflictingClientIdsCheck()

Checks if multiple devices connect using the same client ID.

Returns union: either IResolvable or CfnAccountAuditConfiguration.AuditCheckConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-conflictingclientidscheck

getDeviceCertificateAgeCheck

@Stability(Stable)
@Nullable
default Object getDeviceCertificateAgeCheck()

Checks when a device certificate has been active for a number of days greater than or equal to the number you specify.

Returns union: either IResolvable or CfnAccountAuditConfiguration.DeviceCertAgeAuditCheckConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificateagecheck

getDeviceCertificateExpiringCheck

@Stability(Stable)
@Nullable
default Object getDeviceCertificateExpiringCheck()

Checks if a device certificate is expiring.

By default, this check applies to device certificates expiring within 30 days or that have expired. You can modify this threshold by configuring the DeviceCertExpirationAuditCheckConfiguration.

Returns union: either IResolvable or CfnAccountAuditConfiguration.AuditCheckConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificateexpiringcheck

getDeviceCertificateKeyQualityCheck

@Stability(Stable)
@Nullable
default Object getDeviceCertificateKeyQualityCheck()

Checks the quality of the device certificate key.

The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.

Returns union: either IResolvable or CfnAccountAuditConfiguration.AuditCheckConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificatekeyqualitycheck

getDeviceCertificateSharedCheck

@Stability(Stable)
@Nullable
default Object getDeviceCertificateSharedCheck()

Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .

Returns union: either IResolvable or CfnAccountAuditConfiguration.AuditCheckConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificatesharedcheck

getIntermediateCaRevokedForActiveDeviceCertificatesCheck

@Stability(Stable)
@Nullable
default Object getIntermediateCaRevokedForActiveDeviceCertificatesCheck()

Checks if device certificates are still active despite being revoked by an intermediate CA.

Returns union: either IResolvable or CfnAccountAuditConfiguration.AuditCheckConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-intermediatecarevokedforactivedevicecertificatescheck

getIotPolicyOverlyPermissiveCheck

@Stability(Stable)
@Nullable
default Object getIotPolicyOverlyPermissiveCheck()

Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.

Returns union: either IResolvable or CfnAccountAuditConfiguration.AuditCheckConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotpolicyoverlypermissivecheck

getIoTPolicyPotentialMisConfigurationCheck

@Stability(Stable)
@Nullable
default Object getIoTPolicyPotentialMisConfigurationCheck()

Checks if an AWS IoT policy is potentially misconfigured.

Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.

Returns union: either IResolvable or CfnAccountAuditConfiguration.AuditCheckConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotpolicypotentialmisconfigurationcheck

getIotRoleAliasAllowsAccessToUnusedServicesCheck

@Stability(Stable)
@Nullable
default Object getIotRoleAliasAllowsAccessToUnusedServicesCheck()

Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.

Returns union: either IResolvable or CfnAccountAuditConfiguration.AuditCheckConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotrolealiasallowsaccesstounusedservicescheck

getIotRoleAliasOverlyPermissiveCheck

@Stability(Stable)
@Nullable
default Object getIotRoleAliasOverlyPermissiveCheck()

Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.

Returns union: either IResolvable or CfnAccountAuditConfiguration.AuditCheckConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotrolealiasoverlypermissivecheck

getLoggingDisabledCheck

@Stability(Stable)
@Nullable
default Object getLoggingDisabledCheck()

Checks if AWS IoT logs are disabled.

Returns union: either IResolvable or CfnAccountAuditConfiguration.AuditCheckConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-loggingdisabledcheck

getRevokedCaCertificateStillActiveCheck

@Stability(Stable)
@Nullable
default Object getRevokedCaCertificateStillActiveCheck()

Checks if a revoked CA certificate is still active.

Returns union: either IResolvable or CfnAccountAuditConfiguration.AuditCheckConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-revokedcacertificatestillactivecheck

getRevokedDeviceCertificateStillActiveCheck

@Stability(Stable)
@Nullable
default Object getRevokedDeviceCertificateStillActiveCheck()

Checks if a revoked device certificate is still active.

Returns union: either IResolvable or CfnAccountAuditConfiguration.AuditCheckConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-revokeddevicecertificatestillactivecheck

getUnauthenticatedCognitoRoleOverlyPermissiveCheck

@Stability(Stable)
@Nullable
default Object getUnauthenticatedCognitoRoleOverlyPermissiveCheck()

Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.

Returns union: either IResolvable or CfnAccountAuditConfiguration.AuditCheckConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-unauthenticatedcognitoroleoverlypermissivecheck

builder

@Stability(Stable)
static CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder builder()

Returns:

a CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder of CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty