CfnAccountAuditConfigurationPropsMixin

class aws_cdk.mixins_preview.aws_iot.mixins.CfnAccountAuditConfigurationPropsMixin(props, *, strategy=None)

Bases: Mixin

Use the AWS::IoT::AccountAuditConfiguration resource to configure or reconfigure the Device Defender audit settings for your account.

Settings include how audit notifications are sent and which audit checks are enabled or disabled. For API reference, see UpdateAccountAuditConfiguration and for detailed information on all available audit checks, see Audit checks .

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html
CloudformationResource:: AWS::IoT::AccountAuditConfiguration
Mixin:: true
ExampleMetadata:: fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview import mixins
from aws_cdk.mixins_preview.aws_iot import mixins as iot_mixins

cfn_account_audit_configuration_props_mixin = iot_mixins.CfnAccountAuditConfigurationPropsMixin(iot_mixins.CfnAccountAuditConfigurationMixinProps(
    account_id="accountId",
    audit_check_configurations=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationsProperty(
        authenticated_cognito_role_overly_permissive_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
            enabled=False
        ),
        ca_certificate_expiring_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
            enabled=False
        ),
        ca_certificate_key_quality_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
            enabled=False
        ),
        conflicting_client_ids_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
            enabled=False
        ),
        device_certificate_age_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.DeviceCertAgeAuditCheckConfigurationProperty(
            configuration=iot_mixins.CfnAccountAuditConfigurationPropsMixin.CertAgeCheckCustomConfigurationProperty(
                cert_age_threshold_in_days="certAgeThresholdInDays"
            ),
            enabled=False
        ),
        device_certificate_expiring_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
            enabled=False
        ),
        device_certificate_key_quality_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
            enabled=False
        ),
        device_certificate_shared_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
            enabled=False
        ),
        intermediate_ca_revoked_for_active_device_certificates_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
            enabled=False
        ),
        iot_policy_overly_permissive_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
            enabled=False
        ),
        io_tPolicy_potential_mis_configuration_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
            enabled=False
        ),
        iot_role_alias_allows_access_to_unused_services_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
            enabled=False
        ),
        iot_role_alias_overly_permissive_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
            enabled=False
        ),
        logging_disabled_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
            enabled=False
        ),
        revoked_ca_certificate_still_active_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
            enabled=False
        ),
        revoked_device_certificate_still_active_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
            enabled=False
        ),
        unauthenticated_cognito_role_overly_permissive_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
            enabled=False
        )
    ),
    audit_notification_target_configurations=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditNotificationTargetConfigurationsProperty(
        sns=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditNotificationTargetProperty(
            enabled=False,
            role_arn="roleArn",
            target_arn="targetArn"
        )
    ),
    role_arn="roleArn"
),
    strategy=mixins.PropertyMergeStrategy.OVERRIDE
)

Create a mixin to apply properties to AWS::IoT::AccountAuditConfiguration.

Parameters:

props (Union[CfnAccountAuditConfigurationMixinProps, Dict[str, Any]]) – L1 properties to apply.
strategy (Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE

Methods

apply_to(construct)

Apply the mixin properties to the construct.

Parameters:: construct (IConstruct)
Return type:: IConstruct

supports(construct)

Check if this mixin supports the given construct.

Parameters:: construct (IConstruct)
Return type:: bool

Attributes

CFN_PROPERTY_KEYS = ['accountId', 'auditCheckConfigurations', 'auditNotificationTargetConfigurations', 'roleArn']

Static Methods

classmethod is_mixin(x)

(experimental) Checks if x is a Mixin.

Parameters:: x (Any) – Any object.
Return type:: bool
Returns:: true if x is an object created from a class which extends Mixin.
Stability:: experimental

AuditCheckConfigurationProperty

class CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(*, enabled=None)

Bases: object

Which audit checks are enabled and disabled for this account.

Parameters:: enabled (Union[bool, IResolvable, None]) – True if this audit check is enabled for this account.
See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.html
ExampleMetadata:: fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_iot import mixins as iot_mixins

audit_check_configuration_property = iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
    enabled=False
)

Attributes

enabled

True if this audit check is enabled for this account.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.html#cfn-iot-accountauditconfiguration-auditcheckconfiguration-enabled

AuditCheckConfigurationsProperty

class CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationsProperty(*, authenticated_cognito_role_overly_permissive_check=None, ca_certificate_expiring_check=None, ca_certificate_key_quality_check=None, conflicting_client_ids_check=None, device_certificate_age_check=None, device_certificate_expiring_check=None, device_certificate_key_quality_check=None, device_certificate_shared_check=None, intermediate_ca_revoked_for_active_device_certificates_check=None, iot_policy_overly_permissive_check=None, io_t_policy_potential_mis_configuration_check=None, iot_role_alias_allows_access_to_unused_services_check=None, iot_role_alias_overly_permissive_check=None, logging_disabled_check=None, revoked_ca_certificate_still_active_check=None, revoked_device_certificate_still_active_check=None, unauthenticated_cognito_role_overly_permissive_check=None)

Bases: object

The types of audit checks that can be performed.

Parameters:

authenticated_cognito_role_overly_permissive_check (Union[IResolvable, AuditCheckConfigurationProperty, Dict[str, Any], None]) – Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.
ca_certificate_expiring_check (Union[IResolvable, AuditCheckConfigurationProperty, Dict[str, Any], None]) – Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired.
ca_certificate_key_quality_check (Union[IResolvable, AuditCheckConfigurationProperty, Dict[str, Any], None]) – Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER .
conflicting_client_ids_check (Union[IResolvable, AuditCheckConfigurationProperty, Dict[str, Any], None]) – Checks if multiple devices connect using the same client ID.
device_certificate_age_check (Union[IResolvable, DeviceCertAgeAuditCheckConfigurationProperty, Dict[str, Any], None]) – Checks when a device certificate has been active for a number of days greater than or equal to the number you specify.
device_certificate_expiring_check (Union[IResolvable, AuditCheckConfigurationProperty, Dict[str, Any], None]) – Checks if a device certificate is expiring. By default, this check applies to device certificates expiring within 30 days or that have expired. You can modify this threshold by configuring the DeviceCertExpirationAuditCheckConfiguration.
device_certificate_key_quality_check (Union[IResolvable, AuditCheckConfigurationProperty, Dict[str, Any], None]) – Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.
device_certificate_shared_check (Union[IResolvable, AuditCheckConfigurationProperty, Dict[str, Any], None]) – Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .
intermediate_ca_revoked_for_active_device_certificates_check (Union[IResolvable, AuditCheckConfigurationProperty, Dict[str, Any], None]) – Checks if device certificates are still active despite being revoked by an intermediate CA.
iot_policy_overly_permissive_check (Union[IResolvable, AuditCheckConfigurationProperty, Dict[str, Any], None]) – Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
io_t_policy_potential_mis_configuration_check (Union[IResolvable, AuditCheckConfigurationProperty, Dict[str, Any], None]) – Checks if an AWS IoT policy is potentially misconfigured. Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.
iot_role_alias_allows_access_to_unused_services_check (Union[IResolvable, AuditCheckConfigurationProperty, Dict[str, Any], None]) – Checks if a role alias has access to services that haven’t been used for the AWS IoT device in the last year.
iot_role_alias_overly_permissive_check (Union[IResolvable, AuditCheckConfigurationProperty, Dict[str, Any], None]) – Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
logging_disabled_check (Union[IResolvable, AuditCheckConfigurationProperty, Dict[str, Any], None]) – Checks if AWS IoT logs are disabled.
revoked_ca_certificate_still_active_check (Union[IResolvable, AuditCheckConfigurationProperty, Dict[str, Any], None]) – Checks if a revoked CA certificate is still active.
revoked_device_certificate_still_active_check (Union[IResolvable, AuditCheckConfigurationProperty, Dict[str, Any], None]) – Checks if a revoked device certificate is still active.
unauthenticated_cognito_role_overly_permissive_check (Union[IResolvable, AuditCheckConfigurationProperty, Dict[str, Any], None]) – Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_iot import mixins as iot_mixins

audit_check_configurations_property = iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationsProperty(
    authenticated_cognito_role_overly_permissive_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
        enabled=False
    ),
    ca_certificate_expiring_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
        enabled=False
    ),
    ca_certificate_key_quality_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
        enabled=False
    ),
    conflicting_client_ids_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
        enabled=False
    ),
    device_certificate_age_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.DeviceCertAgeAuditCheckConfigurationProperty(
        configuration=iot_mixins.CfnAccountAuditConfigurationPropsMixin.CertAgeCheckCustomConfigurationProperty(
            cert_age_threshold_in_days="certAgeThresholdInDays"
        ),
        enabled=False
    ),
    device_certificate_expiring_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
        enabled=False
    ),
    device_certificate_key_quality_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
        enabled=False
    ),
    device_certificate_shared_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
        enabled=False
    ),
    intermediate_ca_revoked_for_active_device_certificates_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
        enabled=False
    ),
    iot_policy_overly_permissive_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
        enabled=False
    ),
    io_tPolicy_potential_mis_configuration_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
        enabled=False
    ),
    iot_role_alias_allows_access_to_unused_services_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
        enabled=False
    ),
    iot_role_alias_overly_permissive_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
        enabled=False
    ),
    logging_disabled_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
        enabled=False
    ),
    revoked_ca_certificate_still_active_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
        enabled=False
    ),
    revoked_device_certificate_still_active_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
        enabled=False
    ),
    unauthenticated_cognito_role_overly_permissive_check=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditCheckConfigurationProperty(
        enabled=False
    )
)

Attributes

authenticated_cognito_role_overly_permissive_check

Checks the permissiveness of an authenticated Amazon Cognito identity pool role.

For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-authenticatedcognitoroleoverlypermissivecheck

ca_certificate_expiring_check

Checks if a CA certificate is expiring.

This check applies to CA certificates expiring within 30 days or that have expired.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-cacertificateexpiringcheck

ca_certificate_key_quality_check

Checks the quality of the CA certificate key.

The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER .

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-cacertificatekeyqualitycheck

conflicting_client_ids_check

Checks if multiple devices connect using the same client ID.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-conflictingclientidscheck

device_certificate_age_check

Checks when a device certificate has been active for a number of days greater than or equal to the number you specify.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificateagecheck

device_certificate_expiring_check

Checks if a device certificate is expiring.

By default, this check applies to device certificates expiring within 30 days or that have expired. You can modify this threshold by configuring the DeviceCertExpirationAuditCheckConfiguration.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificateexpiringcheck

device_certificate_key_quality_check

Checks the quality of the device certificate key.

The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificatekeyqualitycheck

device_certificate_shared_check

Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificatesharedcheck

intermediate_ca_revoked_for_active_device_certificates_check

Checks if device certificates are still active despite being revoked by an intermediate CA.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-intermediatecarevokedforactivedevicecertificatescheck

io_t_policy_potential_mis_configuration_check

Checks if an AWS IoT policy is potentially misconfigured.

Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotpolicypotentialmisconfigurationcheck

iot_policy_overly_permissive_check

Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotpolicyoverlypermissivecheck

iot_role_alias_allows_access_to_unused_services_check

Checks if a role alias has access to services that haven’t been used for the AWS IoT device in the last year.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotrolealiasallowsaccesstounusedservicescheck

iot_role_alias_overly_permissive_check

Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotrolealiasoverlypermissivecheck

logging_disabled_check

Checks if AWS IoT logs are disabled.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-loggingdisabledcheck

revoked_ca_certificate_still_active_check

Checks if a revoked CA certificate is still active.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-revokedcacertificatestillactivecheck

revoked_device_certificate_still_active_check

Checks if a revoked device certificate is still active.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-revokeddevicecertificatestillactivecheck

unauthenticated_cognito_role_overly_permissive_check

Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-unauthenticatedcognitoroleoverlypermissivecheck

AuditNotificationTargetConfigurationsProperty

class CfnAccountAuditConfigurationPropsMixin.AuditNotificationTargetConfigurationsProperty(*, sns=None)

Bases: object

The configuration of the audit notification target.

Parameters:: sns (Union[IResolvable, AuditNotificationTargetProperty, Dict[str, Any], None]) – The Sns notification target.
See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtargetconfigurations.html
ExampleMetadata:: fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_iot import mixins as iot_mixins

audit_notification_target_configurations_property = iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditNotificationTargetConfigurationsProperty(
    sns=iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditNotificationTargetProperty(
        enabled=False,
        role_arn="roleArn",
        target_arn="targetArn"
    )
)

Attributes

sns

The Sns notification target.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtargetconfigurations.html#cfn-iot-accountauditconfiguration-auditnotificationtargetconfigurations-sns

AuditNotificationTargetProperty

class CfnAccountAuditConfigurationPropsMixin.AuditNotificationTargetProperty(*, enabled=None, role_arn=None, target_arn=None)

Bases: object

Information about the targets to which audit notifications are sent.

Parameters:

enabled (Union[bool, IResolvable, None]) – True if notifications to the target are enabled.
role_arn (Optional[str]) – The ARN of the role that grants permission to send notifications to the target.
target_arn (Optional[str]) – The ARN of the target (SNS topic) to which audit notifications are sent.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtarget.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_iot import mixins as iot_mixins

audit_notification_target_property = iot_mixins.CfnAccountAuditConfigurationPropsMixin.AuditNotificationTargetProperty(
    enabled=False,
    role_arn="roleArn",
    target_arn="targetArn"
)

Attributes

enabled

True if notifications to the target are enabled.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtarget.html#cfn-iot-accountauditconfiguration-auditnotificationtarget-enabled

role_arn

The ARN of the role that grants permission to send notifications to the target.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtarget.html#cfn-iot-accountauditconfiguration-auditnotificationtarget-rolearn

target_arn

The ARN of the target (SNS topic) to which audit notifications are sent.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtarget.html#cfn-iot-accountauditconfiguration-auditnotificationtarget-targetarn

CertAgeCheckCustomConfigurationProperty

class CfnAccountAuditConfigurationPropsMixin.CertAgeCheckCustomConfigurationProperty(*, cert_age_threshold_in_days=None)

Bases: object

Configuration structure containing settings for the device certificate age check.

Parameters:: cert_age_threshold_in_days (Optional[str]) – The number of days that defines when a device certificate is considered to have aged. The check will report a finding if a certificate has been active for a number of days greater than or equal to this threshold value.
See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-certagecheckcustomconfiguration.html
ExampleMetadata:: fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_iot import mixins as iot_mixins

cert_age_check_custom_configuration_property = iot_mixins.CfnAccountAuditConfigurationPropsMixin.CertAgeCheckCustomConfigurationProperty(
    cert_age_threshold_in_days="certAgeThresholdInDays"
)

Attributes

cert_age_threshold_in_days

The number of days that defines when a device certificate is considered to have aged.

The check will report a finding if a certificate has been active for a number of days greater than or equal to this threshold value.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-certagecheckcustomconfiguration.html#cfn-iot-accountauditconfiguration-certagecheckcustomconfiguration-certagethresholdindays

DeviceCertAgeAuditCheckConfigurationProperty

class CfnAccountAuditConfigurationPropsMixin.DeviceCertAgeAuditCheckConfigurationProperty(*, configuration=None, enabled=None)

Bases: object

Configuration for the device certificate age audit check.

Parameters:

configuration (Union[IResolvable, CertAgeCheckCustomConfigurationProperty, Dict[str, Any], None]) – Configuration settings for the device certificate age check, including the threshold in days for certificate age. This configuration is of type CertAgeCheckCustomConfiguration .
enabled (Union[bool, IResolvable, None]) – True if this audit check is enabled for this account.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-devicecertageauditcheckconfiguration.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_iot import mixins as iot_mixins

device_cert_age_audit_check_configuration_property = iot_mixins.CfnAccountAuditConfigurationPropsMixin.DeviceCertAgeAuditCheckConfigurationProperty(
    configuration=iot_mixins.CfnAccountAuditConfigurationPropsMixin.CertAgeCheckCustomConfigurationProperty(
        cert_age_threshold_in_days="certAgeThresholdInDays"
    ),
    enabled=False
)

Attributes

configuration

Configuration settings for the device certificate age check, including the threshold in days for certificate age.

This configuration is of type CertAgeCheckCustomConfiguration .

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-devicecertageauditcheckconfiguration.html#cfn-iot-accountauditconfiguration-devicecertageauditcheckconfiguration-configuration

enabled

True if this audit check is enabled for this account.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-devicecertageauditcheckconfiguration.html#cfn-iot-accountauditconfiguration-devicecertageauditcheckconfiguration-enabled