AWS::IoT::ScheduledAudit
Use the AWS::IoT::ScheduledAudit resource to create a scheduled audit that runs at a specified time interval. For the API reference, see CreateScheduledAudit; for general information, see Audit.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::IoT::ScheduledAudit",
  "Properties" : {
    "DayOfMonth" : String,
    "DayOfWeek" : String,
    "Frequency" : String,
    "ScheduledAuditName" : String,
    "Tags" : [ Tag, ... ],
    "TargetCheckNames" : [ String, ... ]
  }
}
YAML
Type: AWS::IoT::ScheduledAudit
Properties:
  DayOfMonth: String
  DayOfWeek: String
  Frequency: String
  ScheduledAuditName: String
  Tags:
    - Tag
  TargetCheckNames:
    - String
Properties
DayOfMonth
The day of the month on which the scheduled audit is run (if the frequency is "MONTHLY"). If days 29-31 are specified, and the month does not have that many days, the audit takes place on the "LAST" day of the month.
Required: No
Type: String
Update requires: No interruption
DayOfWeek
The day of the week on which the scheduled audit is run (if the frequency is "WEEKLY" or "BIWEEKLY").
Required: No
Type: String
Update requires: No interruption
Frequency
How often the scheduled audit occurs.
Required: Yes
Type: String
Update requires: No interruption
ScheduledAuditName
The name of the scheduled audit.
Required: No
Type: String
Update requires: Replacement
Tags
Metadata that can be used to manage the scheduled audit.
Required: No
Type: List of Tag
Update requires: No interruption
TargetCheckNames
Which checks are performed during the scheduled audit. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled, or use UpdateAccountAuditConfiguration to select which checks are enabled.)
The following checks are currently available:
AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK
CA_CERTIFICATE_EXPIRING_CHECK
CA_CERTIFICATE_KEY_QUALITY_CHECK
CONFLICTING_CLIENT_IDS_CHECK
DEVICE_CERTIFICATE_EXPIRING_CHECK
DEVICE_CERTIFICATE_KEY_QUALITY_CHECK
DEVICE_CERTIFICATE_SHARED_CHECK
IOT_POLICY_OVERLY_PERMISSIVE_CHECK
IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK
IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK
LOGGING_DISABLED_CHECK
REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK
REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK
UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK
Required: Yes
Type: List of String
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the scheduled audit name.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
Examples
In this ScheduledAudit example, all audit checks are enabled, the frequency of the audit is weekly, and the audit will occur every Monday.
JSON
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Amazon Web Services IoT ScheduledAudit Sample Template",
  "Resources": {
    "MyScheduledAudit": {
      "Type": "AWS::IoT::ScheduledAudit",
      "Properties": {
        "ScheduledAuditName": "MyScheduledAudit",
        "DayOfWeek": "MON",
        "Frequency": "WEEKLY",
        "TargetCheckNames": [
          "AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK",
          "CA_CERTIFICATE_EXPIRING_CHECK",
          "CA_CERTIFICATE_KEY_QUALITY_CHECK",
          "CONFLICTING_CLIENT_IDS_CHECK",
          "DEVICE_CERTIFICATE_EXPIRING_CHECK",
          "DEVICE_CERTIFICATE_KEY_QUALITY_CHECK",
          "DEVICE_CERTIFICATE_SHARED_CHECK",
          "IOT_POLICY_OVERLY_PERMISSIVE_CHECK",
          "IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK",
          "IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK",
          "LOGGING_DISABLED_CHECK",
          "REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK",
          "REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK",
          "UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK"
        ]
      }
    }
  }
}
YAML
AWSTemplateFormatVersion: '2010-09-09'
Description: Amazon Web Services IoT ScheduledAudit Sample Template
Resources:
  MyScheduledAudit:
    Type: AWS::IoT::ScheduledAudit
    Properties:
      ScheduledAuditName: MyScheduledAudit
      DayOfWeek: 'MON'
      Frequency: WEEKLY
      TargetCheckNames:
        - AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK
        - CA_CERTIFICATE_EXPIRING_CHECK
        - CA_CERTIFICATE_KEY_QUALITY_CHECK
        - CONFLICTING_CLIENT_IDS_CHECK
        - DEVICE_CERTIFICATE_EXPIRING_CHECK
        - DEVICE_CERTIFICATE_KEY_QUALITY_CHECK
        - DEVICE_CERTIFICATE_SHARED_CHECK
        - IOT_POLICY_OVERLY_PERMISSIVE_CHECK
        - IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK
        - IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK
        - LOGGING_DISABLED_CHECK
        - REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK
        - REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK
        - UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK
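The following pre-deployment lint is an added example, not part of the AWS documentation or tooling: it checks every AWS::IoT::ScheduledAudit in a JSON template for a day field that matches its Frequency and reports which of the checks listed above no audit runs. It assumes literal property values (no intrinsic functions); the function name, the sample template, the frequency and day enum values, and the rule that the day field is mandatory for its frequency are taken from the AWS IoT CreateScheduledAudit API rather than from this page.

```python
import json

# Check names exactly as listed under TargetCheckNames on this page.
KNOWN_CHECKS = set("""
AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK CA_CERTIFICATE_EXPIRING_CHECK
CA_CERTIFICATE_KEY_QUALITY_CHECK CONFLICTING_CLIENT_IDS_CHECK
DEVICE_CERTIFICATE_EXPIRING_CHECK DEVICE_CERTIFICATE_KEY_QUALITY_CHECK
DEVICE_CERTIFICATE_SHARED_CHECK IOT_POLICY_OVERLY_PERMISSIVE_CHECK
IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK
LOGGING_DISABLED_CHECK REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK
REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK
""".split())
# Enum values below come from the AWS IoT API reference, not from this page.
FREQUENCIES = {"DAILY", "WEEKLY", "BIWEEKLY", "MONTHLY"}
DAYS = {"SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT"}

def lint_scheduled_audits(template_text):
    """Return (findings, unscheduled_checks) for a JSON template with literal property values."""
    findings, covered = [], set()
    for rid, res in json.loads(template_text).get("Resources", {}).items():
        if res.get("Type") != "AWS::IoT::ScheduledAudit":
            continue
        props = res.get("Properties", {})
        freq, checks = props.get("Frequency"), props.get("TargetCheckNames") or []
        if freq not in FREQUENCIES:
            findings.append(f"{rid}: Frequency is required, got {freq!r}")
        if freq in ("WEEKLY", "BIWEEKLY") and props.get("DayOfWeek") not in DAYS:
            findings.append(f"{rid}: {freq} audit needs a valid DayOfWeek")
        dom = str(props.get("DayOfMonth"))
        if freq == "MONTHLY" and dom != "LAST" and not (dom.isdecimal() and 1 <= int(dom) <= 31):
            findings.append(f"{rid}: MONTHLY audit needs DayOfMonth 1-31 or LAST")
        if not checks:
            findings.append(f"{rid}: TargetCheckNames is required and must not be empty")
        unknown = [c for c in checks if c not in KNOWN_CHECKS]
        findings += [f"{rid}: unknown check {c!r}" for c in unknown]
        covered.update(c for c in checks if c in KNOWN_CHECKS)
    # Checks that no scheduled audit in the template ever runs.
    return findings, sorted(KNOWN_CHECKS - covered)

# Constructed sample: monthly audit with no DayOfMonth and a misspelled check name.
SAMPLE = json.dumps({"Resources": {"MonthlyAudit": {
    "Type": "AWS::IoT::ScheduledAudit",
    "Properties": {"Frequency": "MONTHLY", "TargetCheckNames": [
        "LOGGING_DISABLED_CHECK", "DEVICE_CERTIFICATE_EXPIRNG_CHECK"]}}}})

if __name__ == "__main__":
    findings, missing = lint_scheduled_audits(SAMPLE)
    print("\n".join(findings), f"\n{len(missing)} known checks never scheduled")
```

A non-empty second return value means some of the listed checks are not covered by any scheduled audit in the template, which is worth reviewing before deployment.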
See also
For more information on audit checks, see AWS::IoT::AccountAuditConfiguration AuditCheckConfiguration.