public static interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty
Example:
```java
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.iot.*;
// The property types are nested in CfnAccountAuditConfiguration, so the
// package wildcard alone does not bring their simple names into scope.
import software.amazon.awscdk.services.iot.CfnAccountAuditConfiguration.*;

AuditCheckConfigurationsProperty auditCheckConfigurationsProperty = AuditCheckConfigurationsProperty.builder()
        .authenticatedCognitoRoleOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                .enabled(false)
                .build())
        .caCertificateExpiringCheck(AuditCheckConfigurationProperty.builder()
                .enabled(false)
                .build())
        .caCertificateKeyQualityCheck(AuditCheckConfigurationProperty.builder()
                .enabled(false)
                .build())
        .conflictingClientIdsCheck(AuditCheckConfigurationProperty.builder()
                .enabled(false)
                .build())
        .deviceCertificateExpiringCheck(AuditCheckConfigurationProperty.builder()
                .enabled(false)
                .build())
        .deviceCertificateKeyQualityCheck(AuditCheckConfigurationProperty.builder()
                .enabled(false)
                .build())
        .deviceCertificateSharedCheck(AuditCheckConfigurationProperty.builder()
                .enabled(false)
                .build())
        .iotPolicyOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                .enabled(false)
                .build())
        .iotRoleAliasAllowsAccessToUnusedServicesCheck(AuditCheckConfigurationProperty.builder()
                .enabled(false)
                .build())
        .iotRoleAliasOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                .enabled(false)
                .build())
        .loggingDisabledCheck(AuditCheckConfigurationProperty.builder()
                .enabled(false)
                .build())
        .revokedCaCertificateStillActiveCheck(AuditCheckConfigurationProperty.builder()
                .enabled(false)
                .build())
        .revokedDeviceCertificateStillActiveCheck(AuditCheckConfigurationProperty.builder()
                .enabled(false)
                .build())
        .unauthenticatedCognitoRoleOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                .enabled(false)
                .build())
        .build();
```
Modifier and Type | Interface and Description |
---|---|
static class | CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder |
static class | CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Jsii$Proxy: An implementation for CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty |

Modifier and Type | Method and Description |
---|---|
static CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder | builder() |
default java.lang.Object | getAuthenticatedCognitoRoleOverlyPermissiveCheck(): Checks the permissiveness of an authenticated Amazon Cognito identity pool role. |
default java.lang.Object | getCaCertificateExpiringCheck(): Checks if a CA certificate is expiring. |
default java.lang.Object | getCaCertificateKeyQualityCheck(): Checks the quality of the CA certificate key. |
default java.lang.Object | getConflictingClientIdsCheck(): Checks if multiple devices connect using the same client ID. |
default java.lang.Object | getDeviceCertificateExpiringCheck(): Checks if a device certificate is expiring. |
default java.lang.Object | getDeviceCertificateKeyQualityCheck(): Checks the quality of the device certificate key. |
default java.lang.Object | getDeviceCertificateSharedCheck(): Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT. |
default java.lang.Object | getIotPolicyOverlyPermissiveCheck(): Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role. |
default java.lang.Object | getIotRoleAliasAllowsAccessToUnusedServicesCheck(): Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year. |
default java.lang.Object | getIotRoleAliasOverlyPermissiveCheck(): Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive. |
default java.lang.Object | getLoggingDisabledCheck(): Checks if AWS IoT logs are disabled. |
default java.lang.Object | getRevokedCaCertificateStillActiveCheck(): Checks if a revoked CA certificate is still active. |
default java.lang.Object | getRevokedDeviceCertificateStillActiveCheck(): Checks if a revoked device certificate is still active. |
default java.lang.Object | getUnauthenticatedCognitoRoleOverlyPermissiveCheck(): Checks if the policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive. |

default java.lang.Object getAuthenticatedCognitoRoleOverlyPermissiveCheck()
For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.
default java.lang.Object getCaCertificateExpiringCheck()
This check applies to CA certificates expiring within 30 days or that have expired.
default java.lang.Object getCaCertificateKeyQualityCheck()
The quality check verifies that the key is in a valid format, is not expired, and meets a minimum required size. This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER.
default java.lang.Object getConflictingClientIdsCheck()
default java.lang.Object getDeviceCertificateExpiringCheck()
This check applies to device certificates expiring within 30 days or that have expired.
default java.lang.Object getDeviceCertificateKeyQualityCheck()
The quality check verifies that the key is in a valid format, is not expired, is signed by a registered certificate authority, and meets a minimum required size.
default java.lang.Object getDeviceCertificateSharedCheck()
default java.lang.Object getIotPolicyOverlyPermissiveCheck()
default java.lang.Object getIotRoleAliasAllowsAccessToUnusedServicesCheck()
default java.lang.Object getIotRoleAliasOverlyPermissiveCheck()
default java.lang.Object getLoggingDisabledCheck()
default java.lang.Object getRevokedCaCertificateStillActiveCheck()
default java.lang.Object getRevokedDeviceCertificateStillActiveCheck()
default java.lang.Object getUnauthenticatedCognitoRoleOverlyPermissiveCheck()
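
Because every getter above returns `java.lang.Object` (a concrete `AuditCheckConfigurationProperty` or an unresolved token), a review-time guard has to type-check before reading the flag. The following is an added example, not part of the CDK documentation or library: the class name `AuditCheckGuard` and its methods are hypothetical, and it assumes `AuditCheckConfigurationProperty.getEnabled()`, which is not listed on this page.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import software.amazon.awscdk.services.iot.CfnAccountAuditConfiguration.AuditCheckConfigurationProperty;
import software.amazon.awscdk.services.iot.CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty;

// Added example (hypothetical helper): lists audit checks that are not verifiably enabled.
public final class AuditCheckGuard {
    public static List<String> notVerifiablyEnabled(AuditCheckConfigurationsProperty c) {
        Map<String, Object> checks = new LinkedHashMap<>();
        checks.put("authenticatedCognitoRoleOverlyPermissiveCheck", c.getAuthenticatedCognitoRoleOverlyPermissiveCheck());
        checks.put("caCertificateExpiringCheck", c.getCaCertificateExpiringCheck());
        checks.put("caCertificateKeyQualityCheck", c.getCaCertificateKeyQualityCheck());
        checks.put("conflictingClientIdsCheck", c.getConflictingClientIdsCheck());
        checks.put("deviceCertificateExpiringCheck", c.getDeviceCertificateExpiringCheck());
        checks.put("deviceCertificateKeyQualityCheck", c.getDeviceCertificateKeyQualityCheck());
        checks.put("deviceCertificateSharedCheck", c.getDeviceCertificateSharedCheck());
        checks.put("iotPolicyOverlyPermissiveCheck", c.getIotPolicyOverlyPermissiveCheck());
        checks.put("iotRoleAliasAllowsAccessToUnusedServicesCheck", c.getIotRoleAliasAllowsAccessToUnusedServicesCheck());
        checks.put("iotRoleAliasOverlyPermissiveCheck", c.getIotRoleAliasOverlyPermissiveCheck());
        checks.put("loggingDisabledCheck", c.getLoggingDisabledCheck());
        checks.put("revokedCaCertificateStillActiveCheck", c.getRevokedCaCertificateStillActiveCheck());
        checks.put("revokedDeviceCertificateStillActiveCheck", c.getRevokedDeviceCertificateStillActiveCheck());
        checks.put("unauthenticatedCognitoRoleOverlyPermissiveCheck", c.getUnauthenticatedCognitoRoleOverlyPermissiveCheck());

        List<String> flagged = new ArrayList<>();
        for (Map.Entry<String, Object> e : checks.entrySet()) {
            if (!isEnabled(e.getValue())) {
                flagged.add(e.getKey());
            }
        }
        return flagged;
    }

    // A getter yields null when the check was omitted, a concrete property when it
    // was set through the builder, or a token that cannot be inspected here.
    private static boolean isEnabled(Object check) {
        if (check instanceof AuditCheckConfigurationProperty) {
            Object enabled = ((AuditCheckConfigurationProperty) check).getEnabled();
            return Boolean.TRUE.equals(enabled);
        }
        return false; // omitted or unresolved: report it for manual review
    }
}
```

Run against the placeholder configuration in the example at the top of this page, `notVerifiablyEnabled` returns all fourteen check names, since each one is built with `enabled(false)`.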