AWS::IoT::ScheduledAudit - AWS CloudFormation

AWS::IoT::ScheduledAudit

Use the AWS::IoT::ScheduledAudit resource to create a scheduled audit that runs at a specified time interval. For the API reference, see CreateScheduledAudit; for general information, see Audit.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::IoT::ScheduledAudit",
  "Properties" : {
      "DayOfMonth" : String,
      "DayOfWeek" : String,
      "Frequency" : String,
      "ScheduledAuditName" : String,
      "Tags" : [ Tag, ... ],
      "TargetCheckNames" : [ String, ... ]
    }
}

YAML

Type: AWS::IoT::ScheduledAudit
Properties:
  DayOfMonth: String
  DayOfWeek: String
  Frequency: String
  ScheduledAuditName: String
  Tags:
    - Tag
  TargetCheckNames:
    - String

Properties

DayOfMonth

The day of the month on which the scheduled audit is run (only used if the frequency is "MONTHLY"). If day 29, 30, or 31 is specified and the month does not have that many days, the audit runs on the "LAST" day of the month.

Required: No

Type: String

Pattern: ^([1-9]|[12][0-9]|3[01])$|^LAST$|^UNSET_VALUE$

Update requires: No interruption

DayOfWeek

The day of the week on which the scheduled audit is run (only used if the frequency is "WEEKLY" or "BIWEEKLY").

Required: No

Type: String

Allowed values: SUN | MON | TUE | WED | THU | FRI | SAT | UNSET_VALUE

Update requires: No interruption

Frequency

How often the scheduled audit occurs.

Required: Yes

Type: String

Allowed values: DAILY | WEEKLY | BIWEEKLY | MONTHLY

Update requires: No interruption

ScheduledAuditName

The name of the scheduled audit.

Required: No

Type: String

Pattern: [a-zA-Z0-9:_-]+

Minimum: 1

Maximum: 128

Update requires: Replacement

Tags

Metadata that can be used to manage the scheduled audit.

Required: No

Type: Array of Tag

Maximum: 50

Update requires: No interruption

TargetCheckNames

Which checks are performed during the scheduled audit. Each check must be enabled for your account. (Use DescribeAccountAuditConfiguration to list all checks and see which are enabled, or use UpdateAccountAuditConfiguration to select which checks are enabled.)

The following checks are currently available:

  • AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK

  • CA_CERTIFICATE_EXPIRING_CHECK

  • CA_CERTIFICATE_KEY_QUALITY_CHECK

  • CONFLICTING_CLIENT_IDS_CHECK

  • DEVICE_CERTIFICATE_EXPIRING_CHECK

  • DEVICE_CERTIFICATE_KEY_QUALITY_CHECK

  • DEVICE_CERTIFICATE_SHARED_CHECK

  • IOT_POLICY_OVERLY_PERMISSIVE_CHECK

  • IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK

  • IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK

  • LOGGING_DISABLED_CHECK

  • REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK

  • REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK

  • UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK

Required: Yes

Type: Array of String

Update requires: No interruption
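The constraints listed under Properties (the DayOfMonth pattern, the DayOfWeek and Frequency allowed values, the name pattern and length, the tag limit, and the list of check names) can be enforced before a template ever reaches CloudFormation, which catches a misconfigured audit schedule earlier than a failed stack update. The following is an added example, not code from the AWS documentation or from any AWS library: a small pre-deployment lint for a parsed template. The rules that DayOfMonth is only meaningful for MONTHLY and DayOfWeek only for WEEKLY or BIWEEKLY come from the property descriptions above; treating a missing DayOfMonth for MONTHLY (or a missing DayOfWeek for WEEKLY/BIWEEKLY) as an error is an assumption of this example. The sample template, its logical IDs and the audit names in it are constructed for illustration.

```python
import re

# Constraints transcribed from the AWS::IoT::ScheduledAudit property reference.
DAY_OF_MONTH_RE = re.compile(r"^([1-9]|[12][0-9]|3[01])$|^LAST$|^UNSET_VALUE$")
NAME_RE = re.compile(r"^[a-zA-Z0-9:_-]+$")          # plus length 1..128, checked below
DAYS_OF_WEEK = {"SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT", "UNSET_VALUE"}
FREQUENCIES = {"DAILY", "WEEKLY", "BIWEEKLY", "MONTHLY"}
MAX_TAGS = 50
KNOWN_CHECKS = {
    "AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK",
    "CA_CERTIFICATE_EXPIRING_CHECK",
    "CA_CERTIFICATE_KEY_QUALITY_CHECK",
    "CONFLICTING_CLIENT_IDS_CHECK",
    "DEVICE_CERTIFICATE_EXPIRING_CHECK",
    "DEVICE_CERTIFICATE_KEY_QUALITY_CHECK",
    "DEVICE_CERTIFICATE_SHARED_CHECK",
    "IOT_POLICY_OVERLY_PERMISSIVE_CHECK",
    "IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK",
    "IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK",
    "LOGGING_DISABLED_CHECK",
    "REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK",
    "REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK",
    "UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK",
}


def validate_scheduled_audit(props):
    """Return a list of problems found in one resource's Properties block (empty list = OK)."""
    problems = []
    freq = props.get("Frequency")
    if freq not in FREQUENCIES:
        problems.append(f"Frequency is required and must be one of {sorted(FREQUENCIES)}, got {freq!r}")

    # DayOfMonth is only honoured for MONTHLY; DayOfWeek only for WEEKLY/BIWEEKLY.
    dom = props.get("DayOfMonth")
    if dom is not None and not DAY_OF_MONTH_RE.match(str(dom)):
        problems.append(f"DayOfMonth {dom!r} must be 1-31, LAST or UNSET_VALUE")
    if dom not in (None, "UNSET_VALUE") and freq != "MONTHLY":
        problems.append("DayOfMonth is only used when Frequency is MONTHLY")
    if freq == "MONTHLY" and dom in (None, "UNSET_VALUE"):
        problems.append("Frequency MONTHLY needs a DayOfMonth (assumption of this lint)")

    dow = props.get("DayOfWeek")
    if dow is not None and dow not in DAYS_OF_WEEK:
        problems.append(f"DayOfWeek {dow!r} must be one of {sorted(DAYS_OF_WEEK)}")
    if dow not in (None, "UNSET_VALUE") and freq not in ("WEEKLY", "BIWEEKLY"):
        problems.append("DayOfWeek is only used when Frequency is WEEKLY or BIWEEKLY")
    if freq in ("WEEKLY", "BIWEEKLY") and dow in (None, "UNSET_VALUE"):
        problems.append(f"Frequency {freq} needs a DayOfWeek (assumption of this lint)")

    # ScheduledAuditName is optional; note that changing it later replaces the resource.
    name = props.get("ScheduledAuditName")
    if name is not None and (not NAME_RE.match(name) or len(name) > 128):
        problems.append(f"ScheduledAuditName {name!r} must match [a-zA-Z0-9:_-]+ and be 1-128 chars")

    if len(props.get("Tags", [])) > MAX_TAGS:
        problems.append(f"at most {MAX_TAGS} Tags are allowed")

    checks = props.get("TargetCheckNames")
    if not isinstance(checks, list) or not checks:
        problems.append("TargetCheckNames is required and must be a non-empty list")
    else:
        for check in checks:
            if check not in KNOWN_CHECKS:
                problems.append(f"unknown check {check!r}; not in the documented check list")
    return problems


def validate_template(template):
    """Lint every AWS::IoT::ScheduledAudit in a parsed template; returns {logical_id: problems}."""
    results = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") == "AWS::IoT::ScheduledAudit":
            results[logical_id] = validate_scheduled_audit(res.get("Properties", {}))
    return results


# Constructed sample template: one well-formed audit and one with several mistakes.
SAMPLE_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "WeeklyCertAudit": {
            "Type": "AWS::IoT::ScheduledAudit",
            "Properties": {
                "ScheduledAuditName": "weekly-cert-audit",
                "Frequency": "WEEKLY",
                "DayOfWeek": "MON",
                "TargetCheckNames": [
                    "CA_CERTIFICATE_EXPIRING_CHECK",
                    "DEVICE_CERTIFICATE_EXPIRING_CHECK",
                    "REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK",
                ],
            },
        },
        "BrokenAudit": {
            "Type": "AWS::IoT::ScheduledAudit",
            "Properties": {
                "ScheduledAuditName": "bad name!",   # space and '!' violate the pattern
                "Frequency": "MONTHLY",              # but no DayOfMonth given
                "DayOfWeek": "MON",                  # only meaningful for WEEKLY/BIWEEKLY
                "TargetCheckNames": ["LOGGING_DISABLED_CHECK", "NOT_A_REAL_CHECK"],
            },
        },
    },
}

if __name__ == "__main__":
    for logical_id, problems in validate_template(SAMPLE_TEMPLATE).items():
        print(logical_id, "OK" if not problems else problems)
```

Run against a real template by loading it with json.load (or a YAML parser for YAML templates) and passing the resulting dict to validate_template; a non-empty problem list for any logical ID is a reason to stop the deployment before CloudFormation rejects the stack.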

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the scheduled audit name.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

ScheduledAuditArn

The ARN of the scheduled audit.

Examples

In this ScheduledAudit example, all available audit checks are targeted, the frequency of the audit is weekly, and the audit runs every Monday.

JSON

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Amazon Web Services IoT ScheduledAudit Sample Template",
  "Resources": {
    "MyScheduledAudit": {
      "Type": "AWS::IoT::ScheduledAudit",
      "Properties": {
        "ScheduledAuditName": "MyScheduledAudit",
        "DayOfWeek" : "MON",
        "Frequency" : "WEEKLY",
        "TargetCheckNames": [
          "AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK",
          "CA_CERTIFICATE_EXPIRING_CHECK",
          "CA_CERTIFICATE_KEY_QUALITY_CHECK",
          "CONFLICTING_CLIENT_IDS_CHECK",
          "DEVICE_CERTIFICATE_EXPIRING_CHECK",
          "DEVICE_CERTIFICATE_KEY_QUALITY_CHECK",
          "DEVICE_CERTIFICATE_SHARED_CHECK",
          "IOT_POLICY_OVERLY_PERMISSIVE_CHECK",
          "IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK",
          "IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK",
          "LOGGING_DISABLED_CHECK",
          "REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK",
          "REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK",
          "UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK"
        ]
      }
    }
  }
}

YAML

AWSTemplateFormatVersion: '2010-09-09'
Description: Amazon Web Services IoT ScheduledAudit Sample Template
Resources:
  MyScheduledAudit:
    Type: AWS::IoT::ScheduledAudit
    Properties:
      ScheduledAuditName: MyScheduledAudit
      DayOfWeek: 'MON'
      Frequency: WEEKLY
      TargetCheckNames:
        - AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK
        - CA_CERTIFICATE_EXPIRING_CHECK
        - CA_CERTIFICATE_KEY_QUALITY_CHECK
        - CONFLICTING_CLIENT_IDS_CHECK
        - DEVICE_CERTIFICATE_EXPIRING_CHECK
        - DEVICE_CERTIFICATE_KEY_QUALITY_CHECK
        - DEVICE_CERTIFICATE_SHARED_CHECK
        - IOT_POLICY_OVERLY_PERMISSIVE_CHECK
        - IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK
        - IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK
        - LOGGING_DISABLED_CHECK
        - REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK
        - REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK
        - UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK

See also

For more information on audit checks, see AWS::IoT::AccountAuditConfiguration AuditCheckConfiguration.