CfnAccountAuditConfigurationProps

class aws_cdk.aws_iot.CfnAccountAuditConfigurationProps(*, account_id, audit_check_configurations, role_arn, audit_notification_target_configurations=None)

Bases: object

Properties for defining a CfnAccountAuditConfiguration.

Parameters:
  • account_id (str) – The ID of the account. You can use the expression !Sub "${AWS::AccountId}" to use your account ID.

  • audit_check_configurations (Union[IResolvable, AuditCheckConfigurationsProperty, Dict[str, Any]]) – Specifies which audit checks are enabled and disabled for this account. Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the Enabled: key to false. If an enabled check is removed from the template, it will also be disabled. You can’t disable a check if it’s used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check. For more information on available audit checks, see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations.

  • role_arn (str) – The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit.

  • audit_notification_target_configurations (Union[IResolvable, AuditNotificationTargetConfigurationsProperty, Dict[str, Any], None]) – Information about the targets to which audit notifications are sent.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_iot as iot

cfn_account_audit_configuration_props = iot.CfnAccountAuditConfigurationProps(
    account_id="accountId",
    audit_check_configurations=iot.CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty(
        authenticated_cognito_role_overly_permissive_check=iot.CfnAccountAuditConfiguration.AuditCheckConfigurationProperty(
            enabled=False
        ),
        ca_certificate_expiring_check=iot.CfnAccountAuditConfiguration.AuditCheckConfigurationProperty(
            enabled=False
        ),
        ca_certificate_key_quality_check=iot.CfnAccountAuditConfiguration.AuditCheckConfigurationProperty(
            enabled=False
        ),
        conflicting_client_ids_check=iot.CfnAccountAuditConfiguration.AuditCheckConfigurationProperty(
            enabled=False
        ),
        device_certificate_expiring_check=iot.CfnAccountAuditConfiguration.AuditCheckConfigurationProperty(
            enabled=False
        ),
        device_certificate_key_quality_check=iot.CfnAccountAuditConfiguration.AuditCheckConfigurationProperty(
            enabled=False
        ),
        device_certificate_shared_check=iot.CfnAccountAuditConfiguration.AuditCheckConfigurationProperty(
            enabled=False
        ),
        intermediate_ca_revoked_for_active_device_certificates_check=iot.CfnAccountAuditConfiguration.AuditCheckConfigurationProperty(
            enabled=False
        ),
        iot_policy_overly_permissive_check=iot.CfnAccountAuditConfiguration.AuditCheckConfigurationProperty(
            enabled=False
        ),
        io_t_policy_potential_mis_configuration_check=iot.CfnAccountAuditConfiguration.AuditCheckConfigurationProperty(
            enabled=False
        ),
        iot_role_alias_allows_access_to_unused_services_check=iot.CfnAccountAuditConfiguration.AuditCheckConfigurationProperty(
            enabled=False
        ),
        iot_role_alias_overly_permissive_check=iot.CfnAccountAuditConfiguration.AuditCheckConfigurationProperty(
            enabled=False
        ),
        logging_disabled_check=iot.CfnAccountAuditConfiguration.AuditCheckConfigurationProperty(
            enabled=False
        ),
        revoked_ca_certificate_still_active_check=iot.CfnAccountAuditConfiguration.AuditCheckConfigurationProperty(
            enabled=False
        ),
        revoked_device_certificate_still_active_check=iot.CfnAccountAuditConfiguration.AuditCheckConfigurationProperty(
            enabled=False
        ),
        unauthenticated_cognito_role_overly_permissive_check=iot.CfnAccountAuditConfiguration.AuditCheckConfigurationProperty(
            enabled=False
        )
    ),
    role_arn="roleArn",

    # the properties below are optional
    audit_notification_target_configurations=iot.CfnAccountAuditConfiguration.AuditNotificationTargetConfigurationsProperty(
        sns=iot.CfnAccountAuditConfiguration.AuditNotificationTargetProperty(
            enabled=False,
            role_arn="roleArn",
            target_arn="targetArn"
        )
    )
)

Attributes

account_id

The ID of the account.

You can use the expression !Sub "${AWS::AccountId}" to use your account ID.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-accountid

audit_check_configurations

Specifies which audit checks are enabled and disabled for this account.

Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the Enabled: key to false.

If an enabled check is removed from the template, it will also be disabled.

You can’t disable a check if it’s used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.

For more information on available audit checks, see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations
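
An added example (not part of the CDK documentation or AWS's code): a pre-deployment review of a synthesized template that applies the rules above, reporting checks left disabled, disabled checks that a scheduled audit still targets, and scheduled checks missing from the configuration. The template is constructed sample data, and the helper `to_check_name`, which maps property keys to `TargetCheckNames` values, is an assumption.

```python
import re

# Constructed sample: trimmed Resources of a synthesized template.
SAMPLE_TEMPLATE = {"Resources": {
    "AuditConfig": {
        "Type": "AWS::IoT::AccountAuditConfiguration",
        "Properties": {"AuditCheckConfigurations": {
            "LoggingDisabledCheck": {"Enabled": True},
            "DeviceCertificateExpiringCheck": {"Enabled": False},
            "RevokedCaCertificateStillActiveCheck": {"Enabled": False},
        }},
    },
    "DailyAudit": {
        "Type": "AWS::IoT::ScheduledAudit",
        "Properties": {"Frequency": "DAILY", "TargetCheckNames": [
            "LOGGING_DISABLED_CHECK",
            "DEVICE_CERTIFICATE_EXPIRING_CHECK",
            "CA_CERTIFICATE_EXPIRING_CHECK",
        ]},
    },
}}


def to_check_name(prop_key):
    """Assumed mapping: 'LoggingDisabledCheck' -> 'LOGGING_DISABLED_CHECK'."""
    return re.sub(r"(?<!^)(?=[A-Z])", "_", prop_key).upper()


def review_audit_config(template):
    """Return (status, check_name) findings for every audit configuration."""
    resources = list(template.get("Resources", {}).values())
    scheduled = set()  # checks referenced by any scheduled audit
    for res in resources:
        if res.get("Type") == "AWS::IoT::ScheduledAudit":
            scheduled.update(res["Properties"].get("TargetCheckNames", []))
    findings = []
    for res in resources:
        if res.get("Type") != "AWS::IoT::AccountAuditConfiguration":
            continue
        checks = res["Properties"].get("AuditCheckConfigurations", {})
        for key, cfg in sorted(checks.items()):
            if cfg.get("Enabled") is not True:
                # BLOCKED: disabled here while a scheduled audit still uses it.
                status = "BLOCKED" if to_check_name(key) in scheduled else "DISABLED"
                findings.append((status, to_check_name(key)))
        # A check absent from the template is treated as disabled.
        for name in sorted(scheduled - {to_check_name(k) for k in checks}):
            findings.append(("MISSING", name))
    return findings
```

Run it against the `Resources` of the template produced by `cdk synth`; an empty result means every configured check is enabled and every scheduled check is present.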

audit_notification_target_configurations

Information about the targets to which audit notifications are sent.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-auditnotificationtargetconfigurations

role_arn

The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-rolearn