


# AWS::IoT::SecurityProfile
<a name="aws-resource-iot-securityprofile"></a>

Use the `AWS::IoT::SecurityProfile` resource to create a Device Defender security profile. For API reference, see [CreateSecurityProfile](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateSecurityProfile.html) and for general information, see [Detect](https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect.html).

## Syntax
<a name="aws-resource-iot-securityprofile-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-resource-iot-securityprofile-syntax.json"></a>

```
{
  "Type" : "AWS::IoT::SecurityProfile",
  "Properties" : {
      "AdditionalMetricsToRetainV2" : [ MetricToRetain, ... ],
      "AlertTargets" : {Key: Value, ...},
      "Behaviors" : [ Behavior, ... ],
      "MetricsExportConfig" : MetricsExportConfig,
      "SecurityProfileDescription" : String,
      "SecurityProfileName" : String,
      "Tags" : [ Tag, ... ],
      "TargetArns" : [ String, ... ]
    }
}
```

### YAML
<a name="aws-resource-iot-securityprofile-syntax.yaml"></a>

```
Type: AWS::IoT::SecurityProfile
Properties:
  AdditionalMetricsToRetainV2:
    - MetricToRetain
  AlertTargets:
    Key: Value
  Behaviors:
    - Behavior
  MetricsExportConfig:
    MetricsExportConfig
  SecurityProfileDescription: String
  SecurityProfileName: String
  Tags:
    - Tag
  TargetArns:
    - String
```

## Properties
<a name="aws-resource-iot-securityprofile-properties"></a>

`AdditionalMetricsToRetainV2`  <a name="cfn-iot-securityprofile-additionalmetricstoretainv2"></a>
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's `behaviors`, but it's also retained for any metric specified here. Can be used with custom metrics; can't be used with dimensions.  
*Required*: No  
*Type*: Array of [MetricToRetain](aws-properties-iot-securityprofile-metrictoretain.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`AlertTargets`  <a name="cfn-iot-securityprofile-alerttargets"></a>
Specifies the destinations to which alerts are sent. (Alerts are always sent to the console.) Alerts are generated when a device (thing) violates a behavior.  
*Required*: No  
*Type*: Object of [AlertTarget](aws-properties-iot-securityprofile-alerttarget.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Behaviors`  <a name="cfn-iot-securityprofile-behaviors"></a>
Specifies the behaviors that, when violated by a device (thing), cause an alert.  
*Required*: No  
*Type*: Array of [Behavior](aws-properties-iot-securityprofile-behavior.md)  
*Maximum*: `100`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`MetricsExportConfig`  <a name="cfn-iot-securityprofile-metricsexportconfig"></a>
Specifies the MQTT topic and role ARN required for metric export.  
*Required*: No  
*Type*: [MetricsExportConfig](aws-properties-iot-securityprofile-metricsexportconfig.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`SecurityProfileDescription`  <a name="cfn-iot-securityprofile-securityprofiledescription"></a>
A description of the security profile.  
*Required*: No  
*Type*: String  
*Maximum*: `1000`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`SecurityProfileName`  <a name="cfn-iot-securityprofile-securityprofilename"></a>
The name you gave to the security profile.  
*Required*: No  
*Type*: String  
*Pattern*: `[a-zA-Z0-9:_-]+`  
*Minimum*: `1`  
*Maximum*: `128`  
*Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)

`Tags`  <a name="cfn-iot-securityprofile-tags"></a>
Metadata that can be used to manage the security profile.  
*Required*: No  
*Type*: Array of [Tag](aws-properties-iot-securityprofile-tag.md)  
*Maximum*: `50`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`TargetArns`  <a name="cfn-iot-securityprofile-targetarns"></a>
The ARN of the target (thing group) to which the security profile is attached.  
*Required*: No  
*Type*: Array of String  
*Maximum*: `2048`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

## Return values
<a name="aws-resource-iot-securityprofile-return-values"></a>

### Ref
<a name="aws-resource-iot-securityprofile-return-values-ref"></a>

When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the security profile name.

### Fn::GetAtt
<a name="aws-resource-iot-securityprofile-return-values-fn--getatt"></a>

The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html).


`SecurityProfileArn`  <a name="SecurityProfileArn-fn::getatt"></a>
The Amazon Resource Name (ARN) of the security profile.

## Examples
<a name="aws-resource-iot-securityprofile--examples"></a>






#### JSON
<a name="aws-resource-iot-securityprofile--examples----json"></a>

```
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Amazon Web Services IoT SecurityProfile Sample Template",
  "Resources": {
    "MySecurityProfile": {
      "Type": "AWS::IoT::SecurityProfile",
      "Properties": {
        "AdditionalMetricsToRetainV2": [
          {
            "Metric": "aws:num-messages-received"
          },
          {
            "Metric": "aws:num-disconnects"
          }
        ],
        "AlertTargets": {
          "SNS": {
            "AlertTargetArn": "arn:aws:sns:us-east-1:123456789012:DeviceDefenderDetectAlerts",
            "RoleArn": "arn:aws:iam::123456789012:role/RoleForDefenderAlerts"
          }
        },
        "Behaviors": [
          {
            "Name": "MaxMessageSize",
            "Metric": "aws:message-byte-size",
            "Criteria": {
              "ConsecutiveDatapointsToAlarm": 1,
              "ConsecutiveDatapointsToClear": 1,
              "ComparisonOperator": "less-than-equals",
              "Value": {
                "Count": 5
              }
            }
          },
          {
            "Name": "OutboundMessageCount",
            "Metric": "aws:num-messages-sent",
            "Criteria": {
              "DurationSeconds": 300,
              "ComparisonOperator": "less-than-equals",
              "Value": {
                "Count": 50
              }
            }
          },
          {
            "Name": "AuthFailuresStatThreshold",
            "Metric": "aws:num-authorization-failures",
            "Criteria": {
              "ComparisonOperator": "less-than-equals",
              "DurationSeconds": 300,
              "StatisticalThreshold": {
                "Statistic": "p90"
              }
            }
          }
        ],
        "SecurityProfileDescription": "Contains expected behaviors for connected devices",
        "SecurityProfileName": "ProfileForConnectedDevices",
        "Tags": [
          {
            "Key": "Application",
            "Value": "SmartHome"
          }
        ],
        "TargetArns": [
          "arn:aws:iot:us-east-1:123456789012:all/things"
        ]
      }
    }
  }
}
```

#### YAML
<a name="aws-resource-iot-securityprofile--examples----yaml"></a>

```
AWSTemplateFormatVersion: '2010-09-09'
Description: Amazon Web Services IoT SecurityProfile Sample Template
Resources:
  MySecurityProfile:
    Type: 'AWS::IoT::SecurityProfile'
    Properties:
      AdditionalMetricsToRetainV2:
        - Metric: 'aws:num-messages-received'
        - Metric: 'aws:num-disconnects'
      AlertTargets:
        SNS:
          AlertTargetArn: 'arn:aws:sns:us-east-1:123456789012:DeviceDefenderDetectAlerts'
          RoleArn: 'arn:aws:iam::123456789012:role/RoleForDefenderAlerts'
      Behaviors:
        - Name: MaxMessageSize
          Metric: 'aws:message-byte-size'
          Criteria:
            ConsecutiveDatapointsToAlarm: 1
            ConsecutiveDatapointsToClear: 1
            ComparisonOperator: less-than-equals
            Value:
              Count: 5
        - Name: OutboundMessageCount
          Metric: 'aws:num-messages-sent'
          Criteria:
            DurationSeconds: 300
            ComparisonOperator: less-than-equals
            Value:
              Count: 50
        - Name: AuthFailuresStatThreshold
          Metric: 'aws:num-authorization-failures'
          Criteria:
            ComparisonOperator: less-than-equals
            DurationSeconds: 300
            StatisticalThreshold:
              Statistic: p90
      SecurityProfileDescription: Contains expected behaviors for connected devices
      SecurityProfileName: ProfileForConnectedDevices
      Tags:
        - Key: Application
          Value: SmartHome
      TargetArns:
        - 'arn:aws:iot:us-east-1:123456789012:all/things'
```

# AWS::IoT::SecurityProfile AlertTarget
<a name="aws-properties-iot-securityprofile-alerttarget"></a>

A structure containing the alert target ARN and the role ARN.

## Syntax
<a name="aws-properties-iot-securityprofile-alerttarget-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-iot-securityprofile-alerttarget-syntax.json"></a>

```
{
  "AlertTargetArn" : String,
  "RoleArn" : String
}
```

### YAML
<a name="aws-properties-iot-securityprofile-alerttarget-syntax.yaml"></a>

```
  AlertTargetArn: String
  RoleArn: String
```

## Properties
<a name="aws-properties-iot-securityprofile-alerttarget-properties"></a>

`AlertTargetArn`  <a name="cfn-iot-securityprofile-alerttarget-alerttargetarn"></a>
The Amazon Resource Name (ARN) of the notification target to which alerts are sent.  
*Required*: Yes  
*Type*: String  
*Maximum*: `2048`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`RoleArn`  <a name="cfn-iot-securityprofile-alerttarget-rolearn"></a>
The ARN of the role that grants permission to send alerts to the notification target.  
*Required*: Yes  
*Type*: String  
*Minimum*: `20`  
*Maximum*: `2048`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::IoT::SecurityProfile Behavior
<a name="aws-properties-iot-securityprofile-behavior"></a>

A Device Defender security profile behavior.

## Syntax
<a name="aws-properties-iot-securityprofile-behavior-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-iot-securityprofile-behavior-syntax.json"></a>

```
{
  "Criteria" : BehaviorCriteria,
  "ExportMetric" : Boolean,
  "Metric" : String,
  "MetricDimension" : MetricDimension,
  "Name" : String,
  "SuppressAlerts" : Boolean
}
```

### YAML
<a name="aws-properties-iot-securityprofile-behavior-syntax.yaml"></a>

```
  Criteria:
    BehaviorCriteria
  ExportMetric: Boolean
  Metric: String
  MetricDimension:
    MetricDimension
  Name: String
  SuppressAlerts: Boolean
```

## Properties
<a name="aws-properties-iot-securityprofile-behavior-properties"></a>

`Criteria`  <a name="cfn-iot-securityprofile-behavior-criteria"></a>
The criteria that determine if a device is behaving normally in regard to the `metric`.  
In the AWS IoT console, you can choose to be sent an alert through Amazon SNS when AWS IoT Device Defender detects that a device is behaving anomalously.  
*Required*: No  
*Type*: [BehaviorCriteria](aws-properties-iot-securityprofile-behaviorcriteria.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`ExportMetric`  <a name="cfn-iot-securityprofile-behavior-exportmetric"></a>
When `true`, metrics related to the behavior are exported.  
*Required*: No  
*Type*: Boolean  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Metric`  <a name="cfn-iot-securityprofile-behavior-metric"></a>
What is measured by the behavior.  
*Required*: No  
*Type*: String  
*Pattern*: `[a-zA-Z0-9:_-]+`  
*Minimum*: `1`  
*Maximum*: `128`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`MetricDimension`  <a name="cfn-iot-securityprofile-behavior-metricdimension"></a>
The dimension of the metric.  
*Required*: No  
*Type*: [MetricDimension](aws-properties-iot-securityprofile-metricdimension.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Name`  <a name="cfn-iot-securityprofile-behavior-name"></a>
The name you've given to the behavior.  
*Required*: Yes  
*Type*: String  
*Pattern*: `[a-zA-Z0-9:_-]+`  
*Minimum*: `1`  
*Maximum*: `128`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`SuppressAlerts`  <a name="cfn-iot-securityprofile-behavior-suppressalerts"></a>
The alert status. If you set the value to `true`, alerts will be suppressed.  
*Required*: No  
*Type*: Boolean  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::IoT::SecurityProfile BehaviorCriteria
<a name="aws-properties-iot-securityprofile-behaviorcriteria"></a>

The criteria by which the behavior is determined to be normal.

## Syntax
<a name="aws-properties-iot-securityprofile-behaviorcriteria-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-iot-securityprofile-behaviorcriteria-syntax.json"></a>

```
{
  "ComparisonOperator" : String,
  "ConsecutiveDatapointsToAlarm" : Integer,
  "ConsecutiveDatapointsToClear" : Integer,
  "DurationSeconds" : Integer,
  "MlDetectionConfig" : MachineLearningDetectionConfig,
  "StatisticalThreshold" : StatisticalThreshold,
  "Value" : MetricValue
}
```

### YAML
<a name="aws-properties-iot-securityprofile-behaviorcriteria-syntax.yaml"></a>

```
  ComparisonOperator: String
  ConsecutiveDatapointsToAlarm: Integer
  ConsecutiveDatapointsToClear: Integer
  DurationSeconds: Integer
  MlDetectionConfig:
    MachineLearningDetectionConfig
  StatisticalThreshold:
    StatisticalThreshold
  Value:
    MetricValue
```

## Properties
<a name="aws-properties-iot-securityprofile-behaviorcriteria-properties"></a>

`ComparisonOperator`  <a name="cfn-iot-securityprofile-behaviorcriteria-comparisonoperator"></a>
The operator that relates the thing measured (`metric`) to the criteria (containing a `value` or `statisticalThreshold`). Valid operators include:  
+ `string-list`: `in-set` and `not-in-set`
+ `number-list`: `in-set` and `not-in-set`
+ `ip-address-list`: `in-cidr-set` and `not-in-cidr-set`
+ `number`: `less-than`, `less-than-equals`, `greater-than`, and `greater-than-equals`

*Required*: No  
*Type*: String  
*Allowed values*: `less-than | less-than-equals | greater-than | greater-than-equals | in-cidr-set | not-in-cidr-set | in-port-set | not-in-port-set | in-set | not-in-set`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`ConsecutiveDatapointsToAlarm`  <a name="cfn-iot-securityprofile-behaviorcriteria-consecutivedatapointstoalarm"></a>
If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.  
*Required*: No  
*Type*: Integer  
*Minimum*: `1`  
*Maximum*: `10`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`ConsecutiveDatapointsToClear`  <a name="cfn-iot-securityprofile-behaviorcriteria-consecutivedatapointstoclear"></a>
If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.  
*Required*: No  
*Type*: Integer  
*Minimum*: `1`  
*Maximum*: `10`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`DurationSeconds`  <a name="cfn-iot-securityprofile-behaviorcriteria-durationseconds"></a>
Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, `NUM_MESSAGES_SENT`). For a `statisticalThreshold` metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes.  
*Required*: No  
*Type*: Integer  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`MlDetectionConfig`  <a name="cfn-iot-securityprofile-behaviorcriteria-mldetectionconfig"></a>
The confidence level of the detection model.  
*Required*: No  
*Type*: [MachineLearningDetectionConfig](aws-properties-iot-securityprofile-machinelearningdetectionconfig.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`StatisticalThreshold`  <a name="cfn-iot-securityprofile-behaviorcriteria-statisticalthreshold"></a>
A statistical ranking (percentile) that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior.  
*Required*: No  
*Type*: [StatisticalThreshold](aws-properties-iot-securityprofile-statisticalthreshold.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Value`  <a name="cfn-iot-securityprofile-behaviorcriteria-value"></a>
The value to be compared with the `metric`.  
*Required*: No  
*Type*: [MetricValue](aws-properties-iot-securityprofile-metricvalue.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::IoT::SecurityProfile MachineLearningDetectionConfig
<a name="aws-properties-iot-securityprofile-machinelearningdetectionconfig"></a>

The `MachineLearningDetectionConfig` property type controls confidence of the machine learning model.

## Syntax
<a name="aws-properties-iot-securityprofile-machinelearningdetectionconfig-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-iot-securityprofile-machinelearningdetectionconfig-syntax.json"></a>

```
{
  "ConfidenceLevel" : String
}
```

### YAML
<a name="aws-properties-iot-securityprofile-machinelearningdetectionconfig-syntax.yaml"></a>

```
  ConfidenceLevel: String
```

## Properties
<a name="aws-properties-iot-securityprofile-machinelearningdetectionconfig-properties"></a>

`ConfidenceLevel`  <a name="cfn-iot-securityprofile-machinelearningdetectionconfig-confidencelevel"></a>
The model confidence level.  
There are three levels of confidence, `"high"`, `"medium"`, and `"low"`.  
The higher the confidence level, the lower the sensitivity, and the lower the alarm frequency will be.  
*Required*: No  
*Type*: String  
*Allowed values*: `LOW | MEDIUM | HIGH`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::IoT::SecurityProfile MetricDimension
<a name="aws-properties-iot-securityprofile-metricdimension"></a>

The dimension of the metric.

## Syntax
<a name="aws-properties-iot-securityprofile-metricdimension-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-iot-securityprofile-metricdimension-syntax.json"></a>

```
{
  "DimensionName" : String,
  "Operator" : String
}
```

### YAML
<a name="aws-properties-iot-securityprofile-metricdimension-syntax.yaml"></a>

```
  DimensionName: String
  Operator: String
```

## Properties
<a name="aws-properties-iot-securityprofile-metricdimension-properties"></a>

`DimensionName`  <a name="cfn-iot-securityprofile-metricdimension-dimensionname"></a>
The name of the dimension.  
*Required*: Yes  
*Type*: String  
*Pattern*: `[a-zA-Z0-9:_-]+`  
*Minimum*: `1`  
*Maximum*: `128`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Operator`  <a name="cfn-iot-securityprofile-metricdimension-operator"></a>
Operators are constructs that perform logical operations. Valid values are `IN` and `NOT_IN`.   
*Required*: No  
*Type*: String  
*Allowed values*: `IN | NOT_IN`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::IoT::SecurityProfile MetricsExportConfig
<a name="aws-properties-iot-securityprofile-metricsexportconfig"></a>

Specifies the MQTT topic and role ARN required for metric export.

## Syntax
<a name="aws-properties-iot-securityprofile-metricsexportconfig-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-iot-securityprofile-metricsexportconfig-syntax.json"></a>

```
{
  "MqttTopic" : String,
  "RoleArn" : String
}
```

### YAML
<a name="aws-properties-iot-securityprofile-metricsexportconfig-syntax.yaml"></a>

```
  MqttTopic: String
  RoleArn: String
```

## Properties
<a name="aws-properties-iot-securityprofile-metricsexportconfig-properties"></a>

`MqttTopic`  <a name="cfn-iot-securityprofile-metricsexportconfig-mqtttopic"></a>
The MQTT topic that Device Defender Detect should publish messages to for metrics export.  
*Required*: Yes  
*Type*: String  
*Minimum*: `1`  
*Maximum*: `512`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`RoleArn`  <a name="cfn-iot-securityprofile-metricsexportconfig-rolearn"></a>
This role ARN has permission to publish MQTT messages, after which Device Defender Detect can assume the role and publish messages on your behalf.  
*Required*: Yes  
*Type*: String  
*Minimum*: `20`  
*Maximum*: `2048`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::IoT::SecurityProfile MetricToRetain
<a name="aws-properties-iot-securityprofile-metrictoretain"></a>

The metric you want to retain. Dimensions are optional.

## Syntax
<a name="aws-properties-iot-securityprofile-metrictoretain-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-iot-securityprofile-metrictoretain-syntax.json"></a>

```
{
  "ExportMetric" : Boolean,
  "Metric" : String,
  "MetricDimension" : MetricDimension
}
```

### YAML
<a name="aws-properties-iot-securityprofile-metrictoretain-syntax.yaml"></a>

```
  ExportMetric: Boolean
  Metric: String
  MetricDimension:
    MetricDimension
```

## Properties
<a name="aws-properties-iot-securityprofile-metrictoretain-properties"></a>

`ExportMetric`  <a name="cfn-iot-securityprofile-metrictoretain-exportmetric"></a>
When `true`, metrics related to the `MetricToRetain` are exported.  
*Required*: No  
*Type*: Boolean  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Metric`  <a name="cfn-iot-securityprofile-metrictoretain-metric"></a>
A standard of measurement.  
*Required*: Yes  
*Type*: String  
*Pattern*: `[a-zA-Z0-9:_-]+`  
*Minimum*: `1`  
*Maximum*: `128`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`MetricDimension`  <a name="cfn-iot-securityprofile-metrictoretain-metricdimension"></a>
The dimension of the metric.  
*Required*: No  
*Type*: [MetricDimension](aws-properties-iot-securityprofile-metricdimension.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::IoT::SecurityProfile MetricValue
<a name="aws-properties-iot-securityprofile-metricvalue"></a>

The value to be compared with the `metric`.

## Syntax
<a name="aws-properties-iot-securityprofile-metricvalue-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-iot-securityprofile-metricvalue-syntax.json"></a>

```
{
  "Cidrs" : [ String, ... ],
  "Count" : String,
  "Number" : Number,
  "Numbers" : [ Number, ... ],
  "Ports" : [ Integer, ... ],
  "Strings" : [ String, ... ]
}
```

### YAML
<a name="aws-properties-iot-securityprofile-metricvalue-syntax.yaml"></a>

```
  Cidrs:
    - String
  Count: String
  Number:
    Number
  Numbers:
    - Number
  Ports:
    - Integer
  Strings:
    - String
```

## Properties
<a name="aws-properties-iot-securityprofile-metricvalue-properties"></a>

`Cidrs`  <a name="cfn-iot-securityprofile-metricvalue-cidrs"></a>
If the `comparisonOperator` calls for a set of CIDRs, use this to specify that set to be compared with the `metric`.  
*Required*: No  
*Type*: Array of String  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Count`  <a name="cfn-iot-securityprofile-metricvalue-count"></a>
If the `comparisonOperator` calls for a numeric value, use this to specify that numeric value to be compared with the `metric`.  
*Required*: No  
*Type*: String  
*Minimum*: `0`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Number`  <a name="cfn-iot-securityprofile-metricvalue-number"></a>
The numeric value of a metric.  
*Required*: No  
*Type*: Number  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Numbers`  <a name="cfn-iot-securityprofile-metricvalue-numbers"></a>
The numeric values of a metric.  
*Required*: No  
*Type*: Array of Number  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Ports`  <a name="cfn-iot-securityprofile-metricvalue-ports"></a>
If the `comparisonOperator` calls for a set of ports, use this to specify that set to be compared with the `metric`.  
*Required*: No  
*Type*: Array of Integer  
*Minimum*: `0`  
*Maximum*: `65535`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Strings`  <a name="cfn-iot-securityprofile-metricvalue-strings"></a>
The string values of a metric.  
*Required*: No  
*Type*: Array of String  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
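
The following pre-deployment lint for a `MetricValue` mapping is an added example, not part of the AWS documentation. The operator-to-field table, the "exactly one field" rule and the strict CIDR check are assumptions based on the Device Defender `comparisonOperator` values; the port range and `Count` minimum come from the properties above.

```python
import ipaddress

# Assumed mapping from comparisonOperator to the MetricValue field it reads;
# the operator names are not listed in this section.
FIELDS_FOR_OPERATOR = {
    "less-than": {"Count", "Number"},
    "less-than-equals": {"Count", "Number"},
    "greater-than": {"Count", "Number"},
    "greater-than-equals": {"Count", "Number"},
    "in-cidr-set": {"Cidrs"},
    "not-in-cidr-set": {"Cidrs"},
    "in-port-set": {"Ports"},
    "not-in-port-set": {"Ports"},
    "in-set": {"Strings", "Numbers"},
    "not-in-set": {"Strings", "Numbers"},
}


def lint_metric_value(operator, value):
    """Return a list of problems for one MetricValue mapping (empty = clean)."""
    allowed = FIELDS_FOR_OPERATOR.get(operator)
    if allowed is None:
        return [f"unknown comparisonOperator {operator!r}"]
    problems = []
    present = set(value)
    # Lint policy (assumption): one field only, and it must suit the operator.
    if len(present) != 1 or not present <= allowed:
        problems.append(
            f"{operator} expects exactly one of {sorted(allowed)}, got {sorted(present)}")
    for cidr in value.get("Cidrs", []):
        try:
            # strict=True flags host bits (10.0.0.5/8), which usually signal a typo.
            ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"bad CIDR {cidr!r}: {exc}")
    for port in value.get("Ports", []):
        # bool is an int subclass in Python, so reject it explicitly.
        if isinstance(port, bool) or not isinstance(port, int) or not 0 <= port <= 65535:
            problems.append(f"port {port!r} outside 0-65535")
    if "Count" in value:
        count = value["Count"]
        # Count is typed String with minimum 0: require an ASCII digit string.
        if not (isinstance(count, str) and count.isascii() and count.isdigit()):
            problems.append(f"Count {count!r} must be a non-negative integer string")
    return problems
```
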

# AWS::IoT::SecurityProfile StatisticalThreshold
<a name="aws-properties-iot-securityprofile-statisticalthreshold"></a>

A statistical ranking (percentile) that indicates a threshold value by which a device is determined to be in compliance with or in violation of a behavior.

## Syntax
<a name="aws-properties-iot-securityprofile-statisticalthreshold-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-iot-securityprofile-statisticalthreshold-syntax.json"></a>

```
{
  "[Statistic](#cfn-iot-securityprofile-statisticalthreshold-statistic)" : String
}
```

### YAML
<a name="aws-properties-iot-securityprofile-statisticalthreshold-syntax.yaml"></a>

```
  [Statistic](#cfn-iot-securityprofile-statisticalthreshold-statistic): String
```

## Properties
<a name="aws-properties-iot-securityprofile-statisticalthreshold-properties"></a>

`Statistic`  <a name="cfn-iot-securityprofile-statisticalthreshold-statistic"></a>
The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period (`durationSeconds`) from all reporting devices in your account, and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below (`comparisonOperator`) the value associated with the specified percentile, the device is considered to be in compliance with the behavior; otherwise, a violation occurs.  
*Required*: No  
*Type*: String  
*Allowed values*: `Average | p0 | p0.1 | p0.01 | p1 | p10 | p50 | p90 | p99 | p99.9 | p99.99 | p100`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
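
The evaluation described for `Statistic`, worked through on a small fleet, as an added example that is not part of the AWS documentation. The nearest-rank percentile method, the comparison operator names and the sample measurements are assumptions; this page does not specify how the service computes ranks.

```python
import math

# Allowed values for Statistic, as listed above.
ALLOWED_STATISTICS = {"Average", "p0", "p0.1", "p0.01", "p1", "p10", "p50",
                      "p90", "p99", "p99.9", "p99.99", "p100"}


def resolve_threshold(statistic, fleet_values):
    """Turn a Statistic name into a concrete threshold over fleet measurements."""
    if statistic not in ALLOWED_STATISTICS:
        raise ValueError(f"Statistic {statistic!r} is not an allowed value")
    if not fleet_values:
        raise ValueError("no fleet measurements in this period")
    if statistic == "Average":
        return sum(fleet_values) / len(fleet_values)
    ordered = sorted(fleet_values)
    pct = float(statistic[1:])
    # Nearest-rank percentile (assumed method): smallest value with at least
    # pct% of the measurements at or below it; p0 maps to the minimum.
    rank = max(1, math.ceil(pct * len(ordered) / 100))
    return ordered[rank - 1]


# Assumed numeric comparisonOperator names (device value vs. threshold).
COMPARE = {
    "less-than": lambda d, t: d < t,
    "less-than-equals": lambda d, t: d <= t,
    "greater-than": lambda d, t: d > t,
    "greater-than-equals": lambda d, t: d >= t,
}


def in_compliance(device_value, operator, statistic, fleet_values):
    """True when the device's accumulated value satisfies the behavior."""
    threshold = resolve_threshold(statistic, fleet_values)
    return COMPARE[operator](device_value, threshold)


# Constructed sample: messages sent per device during one durationSeconds window.
FLEET = [12, 15, 11, 14, 13, 16, 12, 15, 14, 13]
```

With `less-than` and `p90`, a device that sent 14 messages is in compliance, while one that sent 400 is in violation because the fleet's p90 resolves to 15.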

# AWS::IoT::SecurityProfile Tag
<a name="aws-properties-iot-securityprofile-tag"></a>

A set of key/value pairs that are used to manage the resource.

## Syntax
<a name="aws-properties-iot-securityprofile-tag-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-iot-securityprofile-tag-syntax.json"></a>

```
{
  "[Key](#cfn-iot-securityprofile-tag-key)" : String,
  "[Value](#cfn-iot-securityprofile-tag-value)" : String
}
```

### YAML
<a name="aws-properties-iot-securityprofile-tag-syntax.yaml"></a>

```
  [Key](#cfn-iot-securityprofile-tag-key): String
  [Value](#cfn-iot-securityprofile-tag-value): String
```

## Properties
<a name="aws-properties-iot-securityprofile-tag-properties"></a>

`Key`  <a name="cfn-iot-securityprofile-tag-key"></a>
The tag's key.  
*Required*: Yes  
*Type*: String  
*Minimum*: `1`  
*Maximum*: `128`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Value`  <a name="cfn-iot-securityprofile-tag-value"></a>
The tag's value.  
*Required*: Yes  
*Type*: String  
*Minimum*: `1`  
*Maximum*: `256`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)