Class CfnAccountAuditConfiguration
java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.core.Construct
software.amazon.awscdk.core.CfnElement
software.amazon.awscdk.core.CfnRefElement
software.amazon.awscdk.core.CfnResource
software.amazon.awscdk.services.iot.CfnAccountAuditConfiguration
- All Implemented Interfaces:
IConstruct,IDependable,IInspectable,software.amazon.jsii.JsiiSerializable,software.constructs.IConstruct
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)",
date="2023-06-19T16:29:57.510Z")
@Stability(Stable)
public class CfnAccountAuditConfiguration
extends CfnResource
implements IInspectable
A CloudFormation
AWS::IoT::AccountAuditConfiguration.
Use the AWS::IoT::AccountAuditConfiguration resource to configure or reconfigure the Device Defender audit settings for your account. Settings include how audit notifications are sent and which audit checks are enabled or disabled. For API reference, see UpdateAccountAuditConfiguration and for detailed information on all available audit checks, see Audit checks .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.iot.*;
CfnAccountAuditConfiguration cfnAccountAuditConfiguration = CfnAccountAuditConfiguration.Builder.create(this, "MyCfnAccountAuditConfiguration")
.accountId("accountId")
.auditCheckConfigurations(AuditCheckConfigurationsProperty.builder()
.authenticatedCognitoRoleOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.caCertificateExpiringCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.caCertificateKeyQualityCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.conflictingClientIdsCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.deviceCertificateExpiringCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.deviceCertificateKeyQualityCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.deviceCertificateSharedCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.intermediateCaRevokedForActiveDeviceCertificatesCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.iotPolicyOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.ioTPolicyPotentialMisConfigurationCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.iotRoleAliasAllowsAccessToUnusedServicesCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.iotRoleAliasOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.loggingDisabledCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.revokedCaCertificateStillActiveCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.revokedDeviceCertificateStillActiveCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.unauthenticatedCognitoRoleOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.build())
.roleArn("roleArn")
// the properties below are optional
.auditNotificationTargetConfigurations(AuditNotificationTargetConfigurationsProperty.builder()
.sns(AuditNotificationTargetProperty.builder()
.enabled(false)
.roleArn("roleArn")
.targetArn("targetArn")
.build())
.build())
.build();
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic interfaceWhich audit checks are enabled and disabled for this account.static interfaceThe types of audit checks that can be performed.static interfaceThe configuration of the audit notification target.static interfaceInformation about the targets to which audit notifications are sent.static final classA fluent builder forCfnAccountAuditConfiguration.Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationModeNested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct
IConstruct.Jsii$DefaultNested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$DefaultNested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringThe CloudFormation resource type name for this resource class. -
Constructor Summary
ConstructorsModifierConstructorDescriptionCfnAccountAuditConfiguration(Construct scope, String id, CfnAccountAuditConfigurationProps props) Create a newAWS::IoT::AccountAuditConfiguration.protectedCfnAccountAuditConfiguration(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) protectedCfnAccountAuditConfiguration(software.amazon.jsii.JsiiObjectRef objRef) -
Method Summary
Modifier and TypeMethodDescriptionThe ID of the account.Specifies which audit checks are enabled and disabled for this account.Information about the targets to which audit notifications are sent.The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit.voidinspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.renderProperties(Map<String, Object> props) voidsetAccountId(String value) The ID of the account.voidSpecifies which audit checks are enabled and disabled for this account.voidSpecifies which audit checks are enabled and disabled for this account.voidInformation about the targets to which audit notifications are sent.voidsetAuditNotificationTargetConfigurations(CfnAccountAuditConfiguration.AuditNotificationTargetConfigurationsProperty value) Information about the targets to which audit notifications are sent.voidsetRoleArn(String value) The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit.Methods inherited from class software.amazon.awscdk.core.CfnResource
addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validatePropertiesMethods inherited from class software.amazon.awscdk.core.CfnRefElement
getRefMethods inherited from class software.amazon.awscdk.core.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalIdMethods inherited from class software.amazon.awscdk.core.Construct
getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validateMethods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSetMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitMethods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Field Details
-
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
-
-
Constructor Details
-
CfnAccountAuditConfiguration
protected CfnAccountAuditConfiguration(software.amazon.jsii.JsiiObjectRef objRef) -
CfnAccountAuditConfiguration
protected CfnAccountAuditConfiguration(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
CfnAccountAuditConfiguration
@Stability(Stable) public CfnAccountAuditConfiguration(@NotNull Construct scope, @NotNull String id, @NotNull CfnAccountAuditConfigurationProps props) Create a newAWS::IoT::AccountAuditConfiguration.- Parameters:
scope-- scope in which this resource is defined.
id-- scoped id of the resource.
props-- resource properties.
-
-
Method Details
-
inspect
Examines the CloudFormation resource and discloses attributes.- Specified by:
inspectin interfaceIInspectable- Parameters:
inspector-- tree inspector to collect and process attributes.
-
renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props) - Overrides:
renderPropertiesin classCfnResource- Parameters:
props- This parameter is required.
-
getCfnProperties
- Overrides:
getCfnPropertiesin classCfnResource
-
getAccountId
The ID of the account.You can use the expression
!Sub "${AWS::AccountId}"to use your account ID. -
setAccountId
The ID of the account.You can use the expression
!Sub "${AWS::AccountId}"to use your account ID. -
getAuditCheckConfigurations
Specifies which audit checks are enabled and disabled for this account.Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the
Enabled:key tofalse.If an enabled check is removed from the template, it will also be disabled.
You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.
For more information on avialbe auidt checks see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations
-
setAuditCheckConfigurations
@Stability(Stable) public void setAuditCheckConfigurations(@NotNull CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty value) Specifies which audit checks are enabled and disabled for this account.Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the
Enabled:key tofalse.If an enabled check is removed from the template, it will also be disabled.
You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.
For more information on avialbe auidt checks see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations
-
setAuditCheckConfigurations
Specifies which audit checks are enabled and disabled for this account.Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the
Enabled:key tofalse.If an enabled check is removed from the template, it will also be disabled.
You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.
For more information on avialbe auidt checks see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations
-
getRoleArn
The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit. -
setRoleArn
The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit. -
getAuditNotificationTargetConfigurations
Information about the targets to which audit notifications are sent. -
setAuditNotificationTargetConfigurations
@Stability(Stable) public void setAuditNotificationTargetConfigurations(@Nullable IResolvable value) Information about the targets to which audit notifications are sent. -
setAuditNotificationTargetConfigurations
@Stability(Stable) public void setAuditNotificationTargetConfigurations(@Nullable CfnAccountAuditConfiguration.AuditNotificationTargetConfigurationsProperty value) Information about the targets to which audit notifications are sent.
-