Package software.amazon.awscdk.services.iot

Interface CfnAccountAuditConfigurationProps

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

CfnAccountAuditConfigurationProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.97.0 (build 729de35)",
           date="2024-04-24T21:00:30.998Z")
@Stability(Stable)
public interface CfnAccountAuditConfigurationProps
extends software.amazon.jsii.JsiiSerializable

Properties for defining a CfnAccountAuditConfiguration.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.iot.*;
 CfnAccountAuditConfigurationProps cfnAccountAuditConfigurationProps = CfnAccountAuditConfigurationProps.builder()
         .accountId("accountId")
         .auditCheckConfigurations(AuditCheckConfigurationsProperty.builder()
                 .authenticatedCognitoRoleOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .caCertificateExpiringCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .caCertificateKeyQualityCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .conflictingClientIdsCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .deviceCertificateExpiringCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .deviceCertificateKeyQualityCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .deviceCertificateSharedCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .intermediateCaRevokedForActiveDeviceCertificatesCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .iotPolicyOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .ioTPolicyPotentialMisConfigurationCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .iotRoleAliasAllowsAccessToUnusedServicesCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .iotRoleAliasOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .loggingDisabledCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .revokedCaCertificateStillActiveCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .revokedDeviceCertificateStillActiveCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .unauthenticatedCognitoRoleOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .build())
         .roleArn("roleArn")
         // the properties below are optional
         .auditNotificationTargetConfigurations(AuditNotificationTargetConfigurationsProperty.builder()
                 .sns(AuditNotificationTargetProperty.builder()
                         .enabled(false)
                         .roleArn("roleArn")
                         .targetArn("targetArn")
                         .build())
                 .build())
         .build();
 

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	CfnAccountAuditConfigurationProps.Builder	A builder for CfnAccountAuditConfigurationProps
static final class	CfnAccountAuditConfigurationProps.Jsii$Proxy	An implementation for CfnAccountAuditConfigurationProps

Method Summary

Modifier and Type	Method	Description
static CfnAccountAuditConfigurationProps.Builder	builder()
String	getAccountId()	The ID of the account.
Object	getAuditCheckConfigurations()	Specifies which audit checks are enabled and disabled for this account.
default Object	getAuditNotificationTargetConfigurations()	Information about the targets to which audit notifications are sent.
String	getRoleArn()	The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getAccountId

@Stability(Stable)
@NotNull
String getAccountId()

The ID of the account.

You can use the expression !Sub "${AWS::AccountId}" to use your account ID.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-accountid

getAuditCheckConfigurations

@Stability(Stable)
@NotNull
Object getAuditCheckConfigurations()

Specifies which audit checks are enabled and disabled for this account.

Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the Enabled: key to false .

If an enabled check is removed from the template, it will also be disabled.

You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.

For more information on avialbe auidt checks see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations

getRoleArn

@Stability(Stable)
@NotNull
String getRoleArn()

The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-rolearn

getAuditNotificationTargetConfigurations

@Stability(Stable)
@Nullable
default Object getAuditNotificationTargetConfigurations()

Information about the targets to which audit notifications are sent.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-auditnotificationtargetconfigurations

builder

@Stability(Stable)
static CfnAccountAuditConfigurationProps.Builder builder()

Returns:

a CfnAccountAuditConfigurationProps.Builder of CfnAccountAuditConfigurationProps