Package software.amazon.awscdk.services.iot

Class CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Jsii$Proxy

java.lang.Object

software.amazon.jsii.JsiiObject

software.amazon.awscdk.services.iot.CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Jsii$Proxy

All Implemented Interfaces:

CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty, software.amazon.jsii.JsiiSerializable

Enclosing interface:

CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

@Stability(Stable)
@Internal
public static final class CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Jsii$Proxy
extends software.amazon.jsii.JsiiObject
implements CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

An implementation for CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Nested Class Summary

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iot.CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder, CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Jsii$Proxy

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	Jsii$Proxy(CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder builder)	Constructor that initializes the object based on literal property values passed by the CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder.
protected	Jsii$Proxy(software.amazon.jsii.JsiiObjectRef objRef)	Constructor that initializes the object based on values retrieved from the JsiiObject.

Method Summary

Modifier and Type	Method	Description
com.fasterxml.jackson.databind.JsonNode	$jsii$toJson()
final boolean	equals(Object o)
final Object	getAuthenticatedCognitoRoleOverlyPermissiveCheck()	Checks the permissiveness of an authenticated Amazon Cognito identity pool role.
final Object	getCaCertificateExpiringCheck()	Checks if a CA certificate is expiring.
final Object	getCaCertificateKeyQualityCheck()	Checks the quality of the CA certificate key.
final Object	getConflictingClientIdsCheck()	Checks if multiple devices connect using the same client ID.
final Object	getDeviceCertificateExpiringCheck()	Checks if a device certificate is expiring.
final Object	getDeviceCertificateKeyQualityCheck()	Checks the quality of the device certificate key.
final Object	getDeviceCertificateSharedCheck()	Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .
final Object	getIntermediateCaRevokedForActiveDeviceCertificatesCheck()	Checks if device certificates are still active despite being revoked by an intermediate CA.
final Object	getIotPolicyOverlyPermissiveCheck()	Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
final Object	getIoTPolicyPotentialMisConfigurationCheck()	Checks if an AWS IoT policy is potentially misconfigured.
final Object	getIotRoleAliasAllowsAccessToUnusedServicesCheck()	Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
final Object	getIotRoleAliasOverlyPermissiveCheck()	Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
final Object	getLoggingDisabledCheck()	Checks if AWS IoT logs are disabled.
final Object	getRevokedCaCertificateStillActiveCheck()	Checks if a revoked CA certificate is still active.
final Object	getRevokedDeviceCertificateStillActiveCheck()	Checks if a revoked device certificate is still active.
final Object	getUnauthenticatedCognitoRoleOverlyPermissiveCheck()	Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.
final int	hashCode()

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Constructor Details

Jsii$Proxy

protected Jsii$Proxy(software.amazon.jsii.JsiiObjectRef objRef)

Constructor that initializes the object based on values retrieved from the JsiiObject.

Parameters:

objRef - Reference to the JSII managed object.

Jsii$Proxy

protected Jsii$Proxy(CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder builder)

Constructor that initializes the object based on literal property values passed by the CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder.

Method Details

getAuthenticatedCognitoRoleOverlyPermissiveCheck

public final Object getAuthenticatedCognitoRoleOverlyPermissiveCheck()

Description copied from interface: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Checks the permissiveness of an authenticated Amazon Cognito identity pool role.

For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.

Specified by:

getAuthenticatedCognitoRoleOverlyPermissiveCheck in interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-authenticatedcognitoroleoverlypermissivecheck

getCaCertificateExpiringCheck

public final Object getCaCertificateExpiringCheck()

Description copied from interface: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Checks if a CA certificate is expiring.

This check applies to CA certificates expiring within 30 days or that have expired.

Specified by:

getCaCertificateExpiringCheck in interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-cacertificateexpiringcheck

getCaCertificateKeyQualityCheck

public final Object getCaCertificateKeyQualityCheck()

Description copied from interface: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Checks the quality of the CA certificate key.

The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER .

Specified by:

getCaCertificateKeyQualityCheck in interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-cacertificatekeyqualitycheck

getConflictingClientIdsCheck

public final Object getConflictingClientIdsCheck()

Description copied from interface: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Checks if multiple devices connect using the same client ID.

Specified by:

getConflictingClientIdsCheck in interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-conflictingclientidscheck

getDeviceCertificateExpiringCheck

public final Object getDeviceCertificateExpiringCheck()

Description copied from interface: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Checks if a device certificate is expiring.

This check applies to device certificates expiring within 30 days or that have expired.

Specified by:

getDeviceCertificateExpiringCheck in interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificateexpiringcheck

getDeviceCertificateKeyQualityCheck

public final Object getDeviceCertificateKeyQualityCheck()

Description copied from interface: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Checks the quality of the device certificate key.

The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.

Specified by:

getDeviceCertificateKeyQualityCheck in interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificatekeyqualitycheck

getDeviceCertificateSharedCheck

public final Object getDeviceCertificateSharedCheck()

Description copied from interface: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .

Specified by:

getDeviceCertificateSharedCheck in interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificatesharedcheck

getIntermediateCaRevokedForActiveDeviceCertificatesCheck

public final Object getIntermediateCaRevokedForActiveDeviceCertificatesCheck()

Description copied from interface: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Checks if device certificates are still active despite being revoked by an intermediate CA.

Specified by:

getIntermediateCaRevokedForActiveDeviceCertificatesCheck in interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-intermediatecarevokedforactivedevicecertificatescheck

getIotPolicyOverlyPermissiveCheck

public final Object getIotPolicyOverlyPermissiveCheck()

Description copied from interface: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.

Specified by:

getIotPolicyOverlyPermissiveCheck in interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotpolicyoverlypermissivecheck

getIoTPolicyPotentialMisConfigurationCheck

public final Object getIoTPolicyPotentialMisConfigurationCheck()

Description copied from interface: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Checks if an AWS IoT policy is potentially misconfigured.

Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.

Specified by:

getIoTPolicyPotentialMisConfigurationCheck in interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotpolicypotentialmisconfigurationcheck

getIotRoleAliasAllowsAccessToUnusedServicesCheck

public final Object getIotRoleAliasAllowsAccessToUnusedServicesCheck()

Description copied from interface: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.

Specified by:

getIotRoleAliasAllowsAccessToUnusedServicesCheck in interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotrolealiasallowsaccesstounusedservicescheck

getIotRoleAliasOverlyPermissiveCheck

public final Object getIotRoleAliasOverlyPermissiveCheck()

Description copied from interface: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.

Specified by:

getIotRoleAliasOverlyPermissiveCheck in interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotrolealiasoverlypermissivecheck

getLoggingDisabledCheck

public final Object getLoggingDisabledCheck()

Description copied from interface: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Checks if AWS IoT logs are disabled.

Specified by:

getLoggingDisabledCheck in interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-loggingdisabledcheck

getRevokedCaCertificateStillActiveCheck

public final Object getRevokedCaCertificateStillActiveCheck()

Description copied from interface: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Checks if a revoked CA certificate is still active.

Specified by:

getRevokedCaCertificateStillActiveCheck in interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-revokedcacertificatestillactivecheck

getRevokedDeviceCertificateStillActiveCheck

public final Object getRevokedDeviceCertificateStillActiveCheck()

Description copied from interface: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Checks if a revoked device certificate is still active.

Specified by:

getRevokedDeviceCertificateStillActiveCheck in interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-revokeddevicecertificatestillactivecheck

getUnauthenticatedCognitoRoleOverlyPermissiveCheck

public final Object getUnauthenticatedCognitoRoleOverlyPermissiveCheck()

Description copied from interface: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.

Specified by:

getUnauthenticatedCognitoRoleOverlyPermissiveCheck in interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-unauthenticatedcognitoroleoverlypermissivecheck

$jsii$toJson

@Internal
public com.fasterxml.jackson.databind.JsonNode $jsii$toJson()

Specified by:

$jsii$toJson in interface software.amazon.jsii.JsiiSerializable

equals

public final boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public final int hashCode()

Overrides:

hashCode in class Object