Interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Jsii$Proxy
- Enclosing class:
CfnAccountAuditConfiguration
@Stability(Stable)
public static interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty
extends software.amazon.jsii.JsiiSerializable
The types of audit checks that can be performed.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.iot.*;
AuditCheckConfigurationsProperty auditCheckConfigurationsProperty = AuditCheckConfigurationsProperty.builder()
.authenticatedCognitoRoleOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.caCertificateExpiringCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.caCertificateKeyQualityCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.conflictingClientIdsCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.deviceCertificateExpiringCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.deviceCertificateKeyQualityCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.deviceCertificateSharedCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.intermediateCaRevokedForActiveDeviceCertificatesCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.iotPolicyOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.ioTPolicyPotentialMisConfigurationCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.iotRoleAliasAllowsAccessToUnusedServicesCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.iotRoleAliasOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.loggingDisabledCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.revokedCaCertificateStillActiveCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.revokedDeviceCertificateStillActiveCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.unauthenticatedCognitoRoleOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
.enabled(false)
.build())
.build();
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic final classstatic final classAn implementation forCfnAccountAuditConfiguration.AuditCheckConfigurationsProperty -
Method Summary
Modifier and TypeMethodDescriptionbuilder()default ObjectChecks the permissiveness of an authenticated Amazon Cognito identity pool role.default ObjectChecks if a CA certificate is expiring.default ObjectChecks the quality of the CA certificate key.default ObjectChecks if multiple devices connect using the same client ID.default ObjectChecks if a device certificate is expiring.default ObjectChecks the quality of the device certificate key.default ObjectChecks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .default ObjectChecks if device certificates are still active despite being revoked by an intermediate CA.default ObjectChecks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.default ObjectChecks if an AWS IoT policy is potentially misconfigured.default ObjectChecks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.default ObjectChecks if the temporary credentials provided by AWS IoT role aliases are overly permissive.default ObjectChecks if AWS IoT logs are disabled.default ObjectChecks if a revoked CA certificate is still active.default ObjectChecks if a revoked device certificate is still active.default ObjectChecks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getAuthenticatedCognitoRoleOverlyPermissiveCheck
Checks the permissiveness of an authenticated Amazon Cognito identity pool role.For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.
- See Also:
-
getCaCertificateExpiringCheck
Checks if a CA certificate is expiring.This check applies to CA certificates expiring within 30 days or that have expired.
- See Also:
-
getCaCertificateKeyQualityCheck
Checks the quality of the CA certificate key.The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are
ACTIVEorPENDING_TRANSFER.- See Also:
-
getConflictingClientIdsCheck
Checks if multiple devices connect using the same client ID.- See Also:
-
getDeviceCertificateExpiringCheck
Checks if a device certificate is expiring.This check applies to device certificates expiring within 30 days or that have expired.
- See Also:
-
getDeviceCertificateKeyQualityCheck
Checks the quality of the device certificate key.The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.
- See Also:
-
getIntermediateCaRevokedForActiveDeviceCertificatesCheck
@Stability(Stable) @Nullable default Object getIntermediateCaRevokedForActiveDeviceCertificatesCheck()Checks if device certificates are still active despite being revoked by an intermediate CA.- See Also:
-
getIotPolicyOverlyPermissiveCheck
Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.- See Also:
-
getIoTPolicyPotentialMisConfigurationCheck
Checks if an AWS IoT policy is potentially misconfigured.Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.
- See Also:
-
getIotRoleAliasAllowsAccessToUnusedServicesCheck
Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.- See Also:
-
getIotRoleAliasOverlyPermissiveCheck
Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.- See Also:
-
getLoggingDisabledCheck
Checks if AWS IoT logs are disabled.- See Also:
-
getRevokedCaCertificateStillActiveCheck
Checks if a revoked CA certificate is still active.- See Also:
-
getRevokedDeviceCertificateStillActiveCheck
Checks if a revoked device certificate is still active.- See Also:
-
getUnauthenticatedCognitoRoleOverlyPermissiveCheck
Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.- See Also:
-
builder
@Stability(Stable) static CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder builder()
-