Class CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder
java.lang.Object
software.amazon.awscdk.services.iot.CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder
- All Implemented Interfaces:
software.amazon.jsii.Builder<CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty>
- Enclosing interface:
CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty
@Stability(Stable)
public static final class CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder
extends Object
implements software.amazon.jsii.Builder<CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty>
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionauthenticatedCognitoRoleOverlyPermissiveCheck
(IResolvable authenticatedCognitoRoleOverlyPermissiveCheck) authenticatedCognitoRoleOverlyPermissiveCheck
(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty authenticatedCognitoRoleOverlyPermissiveCheck) build()
Builds the configured instance.caCertificateExpiringCheck
(IResolvable caCertificateExpiringCheck) caCertificateExpiringCheck
(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty caCertificateExpiringCheck) caCertificateKeyQualityCheck
(IResolvable caCertificateKeyQualityCheck) caCertificateKeyQualityCheck
(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty caCertificateKeyQualityCheck) conflictingClientIdsCheck
(IResolvable conflictingClientIdsCheck) conflictingClientIdsCheck
(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty conflictingClientIdsCheck) deviceCertificateExpiringCheck
(IResolvable deviceCertificateExpiringCheck) deviceCertificateExpiringCheck
(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty deviceCertificateExpiringCheck) deviceCertificateKeyQualityCheck
(IResolvable deviceCertificateKeyQualityCheck) deviceCertificateKeyQualityCheck
(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty deviceCertificateKeyQualityCheck) deviceCertificateSharedCheck
(IResolvable deviceCertificateSharedCheck) deviceCertificateSharedCheck
(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty deviceCertificateSharedCheck) intermediateCaRevokedForActiveDeviceCertificatesCheck
(IResolvable intermediateCaRevokedForActiveDeviceCertificatesCheck) intermediateCaRevokedForActiveDeviceCertificatesCheck
(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty intermediateCaRevokedForActiveDeviceCertificatesCheck) iotPolicyOverlyPermissiveCheck
(IResolvable iotPolicyOverlyPermissiveCheck) iotPolicyOverlyPermissiveCheck
(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty iotPolicyOverlyPermissiveCheck) ioTPolicyPotentialMisConfigurationCheck
(IResolvable ioTPolicyPotentialMisConfigurationCheck) ioTPolicyPotentialMisConfigurationCheck
(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty ioTPolicyPotentialMisConfigurationCheck) iotRoleAliasAllowsAccessToUnusedServicesCheck
(IResolvable iotRoleAliasAllowsAccessToUnusedServicesCheck) iotRoleAliasAllowsAccessToUnusedServicesCheck
(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty iotRoleAliasAllowsAccessToUnusedServicesCheck) iotRoleAliasOverlyPermissiveCheck
(IResolvable iotRoleAliasOverlyPermissiveCheck) iotRoleAliasOverlyPermissiveCheck
(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty iotRoleAliasOverlyPermissiveCheck) loggingDisabledCheck
(IResolvable loggingDisabledCheck) loggingDisabledCheck
(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty loggingDisabledCheck) revokedCaCertificateStillActiveCheck
(IResolvable revokedCaCertificateStillActiveCheck) revokedCaCertificateStillActiveCheck
(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty revokedCaCertificateStillActiveCheck) revokedDeviceCertificateStillActiveCheck
(IResolvable revokedDeviceCertificateStillActiveCheck) revokedDeviceCertificateStillActiveCheck
(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty revokedDeviceCertificateStillActiveCheck) unauthenticatedCognitoRoleOverlyPermissiveCheck
(IResolvable unauthenticatedCognitoRoleOverlyPermissiveCheck) unauthenticatedCognitoRoleOverlyPermissiveCheck
(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty unauthenticatedCognitoRoleOverlyPermissiveCheck)
-
Constructor Details
-
Builder
public Builder()
-
-
Method Details
-
authenticatedCognitoRoleOverlyPermissiveCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder authenticatedCognitoRoleOverlyPermissiveCheck(IResolvable authenticatedCognitoRoleOverlyPermissiveCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getAuthenticatedCognitoRoleOverlyPermissiveCheck()
- Parameters:
authenticatedCognitoRoleOverlyPermissiveCheck
- Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.- Returns:
this
-
authenticatedCognitoRoleOverlyPermissiveCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder authenticatedCognitoRoleOverlyPermissiveCheck(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty authenticatedCognitoRoleOverlyPermissiveCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getAuthenticatedCognitoRoleOverlyPermissiveCheck()
- Parameters:
authenticatedCognitoRoleOverlyPermissiveCheck
- Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.- Returns:
this
-
caCertificateExpiringCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder caCertificateExpiringCheck(IResolvable caCertificateExpiringCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getCaCertificateExpiringCheck()
- Parameters:
caCertificateExpiringCheck
- Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired.- Returns:
this
-
caCertificateExpiringCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder caCertificateExpiringCheck(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty caCertificateExpiringCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getCaCertificateExpiringCheck()
- Parameters:
caCertificateExpiringCheck
- Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired.- Returns:
this
-
caCertificateKeyQualityCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder caCertificateKeyQualityCheck(IResolvable caCertificateKeyQualityCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getCaCertificateKeyQualityCheck()
- Parameters:
caCertificateKeyQualityCheck
- Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that areACTIVE
orPENDING_TRANSFER
.- Returns:
this
-
caCertificateKeyQualityCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder caCertificateKeyQualityCheck(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty caCertificateKeyQualityCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getCaCertificateKeyQualityCheck()
- Parameters:
caCertificateKeyQualityCheck
- Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that areACTIVE
orPENDING_TRANSFER
.- Returns:
this
-
conflictingClientIdsCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder conflictingClientIdsCheck(IResolvable conflictingClientIdsCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getConflictingClientIdsCheck()
- Parameters:
conflictingClientIdsCheck
- Checks if multiple devices connect using the same client ID.- Returns:
this
-
conflictingClientIdsCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder conflictingClientIdsCheck(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty conflictingClientIdsCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getConflictingClientIdsCheck()
- Parameters:
conflictingClientIdsCheck
- Checks if multiple devices connect using the same client ID.- Returns:
this
-
deviceCertificateExpiringCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder deviceCertificateExpiringCheck(IResolvable deviceCertificateExpiringCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getDeviceCertificateExpiringCheck()
- Parameters:
deviceCertificateExpiringCheck
- Checks if a device certificate is expiring. This check applies to device certificates expiring within 30 days or that have expired.- Returns:
this
-
deviceCertificateExpiringCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder deviceCertificateExpiringCheck(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty deviceCertificateExpiringCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getDeviceCertificateExpiringCheck()
- Parameters:
deviceCertificateExpiringCheck
- Checks if a device certificate is expiring. This check applies to device certificates expiring within 30 days or that have expired.- Returns:
this
-
deviceCertificateKeyQualityCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder deviceCertificateKeyQualityCheck(IResolvable deviceCertificateKeyQualityCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getDeviceCertificateKeyQualityCheck()
- Parameters:
deviceCertificateKeyQualityCheck
- Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.- Returns:
this
-
deviceCertificateKeyQualityCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder deviceCertificateKeyQualityCheck(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty deviceCertificateKeyQualityCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getDeviceCertificateKeyQualityCheck()
- Parameters:
deviceCertificateKeyQualityCheck
- Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.- Returns:
this
-
intermediateCaRevokedForActiveDeviceCertificatesCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder intermediateCaRevokedForActiveDeviceCertificatesCheck(IResolvable intermediateCaRevokedForActiveDeviceCertificatesCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getIntermediateCaRevokedForActiveDeviceCertificatesCheck()
- Parameters:
intermediateCaRevokedForActiveDeviceCertificatesCheck
- Checks if device certificates are still active despite being revoked by an intermediate CA.- Returns:
this
-
intermediateCaRevokedForActiveDeviceCertificatesCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder intermediateCaRevokedForActiveDeviceCertificatesCheck(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty intermediateCaRevokedForActiveDeviceCertificatesCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getIntermediateCaRevokedForActiveDeviceCertificatesCheck()
- Parameters:
intermediateCaRevokedForActiveDeviceCertificatesCheck
- Checks if device certificates are still active despite being revoked by an intermediate CA.- Returns:
this
-
iotPolicyOverlyPermissiveCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder iotPolicyOverlyPermissiveCheck(IResolvable iotPolicyOverlyPermissiveCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getIotPolicyOverlyPermissiveCheck()
- Parameters:
iotPolicyOverlyPermissiveCheck
- Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.- Returns:
this
-
iotPolicyOverlyPermissiveCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder iotPolicyOverlyPermissiveCheck(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty iotPolicyOverlyPermissiveCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getIotPolicyOverlyPermissiveCheck()
- Parameters:
iotPolicyOverlyPermissiveCheck
- Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.- Returns:
this
-
ioTPolicyPotentialMisConfigurationCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder ioTPolicyPotentialMisConfigurationCheck(IResolvable ioTPolicyPotentialMisConfigurationCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getIoTPolicyPotentialMisConfigurationCheck()
- Parameters:
ioTPolicyPotentialMisConfigurationCheck
- Checks if an AWS IoT policy is potentially misconfigured. Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.- Returns:
this
-
ioTPolicyPotentialMisConfigurationCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder ioTPolicyPotentialMisConfigurationCheck(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty ioTPolicyPotentialMisConfigurationCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getIoTPolicyPotentialMisConfigurationCheck()
- Parameters:
ioTPolicyPotentialMisConfigurationCheck
- Checks if an AWS IoT policy is potentially misconfigured. Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.- Returns:
this
-
iotRoleAliasAllowsAccessToUnusedServicesCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder iotRoleAliasAllowsAccessToUnusedServicesCheck(IResolvable iotRoleAliasAllowsAccessToUnusedServicesCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getIotRoleAliasAllowsAccessToUnusedServicesCheck()
- Parameters:
iotRoleAliasAllowsAccessToUnusedServicesCheck
- Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.- Returns:
this
-
iotRoleAliasAllowsAccessToUnusedServicesCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder iotRoleAliasAllowsAccessToUnusedServicesCheck(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty iotRoleAliasAllowsAccessToUnusedServicesCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getIotRoleAliasAllowsAccessToUnusedServicesCheck()
- Parameters:
iotRoleAliasAllowsAccessToUnusedServicesCheck
- Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.- Returns:
this
-
iotRoleAliasOverlyPermissiveCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder iotRoleAliasOverlyPermissiveCheck(IResolvable iotRoleAliasOverlyPermissiveCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getIotRoleAliasOverlyPermissiveCheck()
- Parameters:
iotRoleAliasOverlyPermissiveCheck
- Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.- Returns:
this
-
iotRoleAliasOverlyPermissiveCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder iotRoleAliasOverlyPermissiveCheck(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty iotRoleAliasOverlyPermissiveCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getIotRoleAliasOverlyPermissiveCheck()
- Parameters:
iotRoleAliasOverlyPermissiveCheck
- Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.- Returns:
this
-
loggingDisabledCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder loggingDisabledCheck(IResolvable loggingDisabledCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getLoggingDisabledCheck()
- Parameters:
loggingDisabledCheck
- Checks if AWS IoT logs are disabled.- Returns:
this
-
loggingDisabledCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder loggingDisabledCheck(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty loggingDisabledCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getLoggingDisabledCheck()
- Parameters:
loggingDisabledCheck
- Checks if AWS IoT logs are disabled.- Returns:
this
-
revokedCaCertificateStillActiveCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder revokedCaCertificateStillActiveCheck(IResolvable revokedCaCertificateStillActiveCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getRevokedCaCertificateStillActiveCheck()
- Parameters:
revokedCaCertificateStillActiveCheck
- Checks if a revoked CA certificate is still active.- Returns:
this
-
revokedCaCertificateStillActiveCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder revokedCaCertificateStillActiveCheck(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty revokedCaCertificateStillActiveCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getRevokedCaCertificateStillActiveCheck()
- Parameters:
revokedCaCertificateStillActiveCheck
- Checks if a revoked CA certificate is still active.- Returns:
this
-
revokedDeviceCertificateStillActiveCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder revokedDeviceCertificateStillActiveCheck(IResolvable revokedDeviceCertificateStillActiveCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getRevokedDeviceCertificateStillActiveCheck()
- Parameters:
revokedDeviceCertificateStillActiveCheck
- Checks if a revoked device certificate is still active.- Returns:
this
-
revokedDeviceCertificateStillActiveCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder revokedDeviceCertificateStillActiveCheck(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty revokedDeviceCertificateStillActiveCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getRevokedDeviceCertificateStillActiveCheck()
- Parameters:
revokedDeviceCertificateStillActiveCheck
- Checks if a revoked device certificate is still active.- Returns:
this
-
unauthenticatedCognitoRoleOverlyPermissiveCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder unauthenticatedCognitoRoleOverlyPermissiveCheck(IResolvable unauthenticatedCognitoRoleOverlyPermissiveCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getUnauthenticatedCognitoRoleOverlyPermissiveCheck()
- Parameters:
unauthenticatedCognitoRoleOverlyPermissiveCheck
- Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.- Returns:
this
-
unauthenticatedCognitoRoleOverlyPermissiveCheck
@Stability(Stable) public CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder unauthenticatedCognitoRoleOverlyPermissiveCheck(CfnAccountAuditConfiguration.AuditCheckConfigurationProperty unauthenticatedCognitoRoleOverlyPermissiveCheck) Sets the value ofCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.getUnauthenticatedCognitoRoleOverlyPermissiveCheck()
- Parameters:
unauthenticatedCognitoRoleOverlyPermissiveCheck
- Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.- Returns:
this
-
build
Builds the configured instance.- Specified by:
build
in interfacesoftware.amazon.jsii.Builder<CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty>
- Returns:
- a new instance of
CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty
- Throws:
NullPointerException
- if any required attribute was not provided
-