We recommend new projects start with resources from the AWS provider.

AWS Native v0.126.0 published on Monday, Sep 30, 2024 by Pulumi

aws-native.iot.AccountAuditConfiguration

    Configures the Device Defender audit settings for this account. Settings include how audit notifications are sent and which audit checks are enabled or disabled.

    Create AccountAuditConfiguration Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AccountAuditConfiguration(name: string, args: AccountAuditConfigurationArgs, opts?: CustomResourceOptions);
    @overload
    def AccountAuditConfiguration(resource_name: str,
                                  args: AccountAuditConfigurationArgs,
                                  opts: Optional[ResourceOptions] = None)
    
    @overload
    def AccountAuditConfiguration(resource_name: str,
                                  opts: Optional[ResourceOptions] = None,
                                  account_id: Optional[str] = None,
                                  audit_check_configurations: Optional[AccountAuditConfigurationAuditCheckConfigurationsArgs] = None,
                                  role_arn: Optional[str] = None,
                                  audit_notification_target_configurations: Optional[AccountAuditConfigurationAuditNotificationTargetConfigurationsArgs] = None)
    func NewAccountAuditConfiguration(ctx *Context, name string, args AccountAuditConfigurationArgs, opts ...ResourceOption) (*AccountAuditConfiguration, error)
    public AccountAuditConfiguration(string name, AccountAuditConfigurationArgs args, CustomResourceOptions? opts = null)
    public AccountAuditConfiguration(String name, AccountAuditConfigurationArgs args)
    public AccountAuditConfiguration(String name, AccountAuditConfigurationArgs args, CustomResourceOptions options)
    
    type: aws-native:iot:AccountAuditConfiguration
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AccountAuditConfigurationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AccountAuditConfigurationArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AccountAuditConfigurationArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AccountAuditConfigurationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AccountAuditConfigurationArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AccountAuditConfiguration Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AccountAuditConfiguration resource accepts the following input properties:

    AccountId string
    Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
    AuditCheckConfigurations Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurations

    Specifies which audit checks are enabled and disabled for this account.

    Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the Enabled: key to false.

    If an enabled check is removed from the template, it will also be disabled.

    You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.

    For more information on available audit checks, see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations.

    RoleArn string
    The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
    AuditNotificationTargetConfigurations Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditNotificationTargetConfigurations
    Information about the targets to which audit notifications are sent.
    AccountId string
    Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
    AuditCheckConfigurations AccountAuditConfigurationAuditCheckConfigurationsArgs

    Specifies which audit checks are enabled and disabled for this account.

    Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the Enabled: key to false.

    If an enabled check is removed from the template, it will also be disabled.

    You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.

    For more information on available audit checks, see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations.

    RoleArn string
    The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
    AuditNotificationTargetConfigurations AccountAuditConfigurationAuditNotificationTargetConfigurationsArgs
    Information about the targets to which audit notifications are sent.
    accountId String
    Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
    auditCheckConfigurations AccountAuditConfigurationAuditCheckConfigurations

    Specifies which audit checks are enabled and disabled for this account.

    Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the Enabled: key to false.

    If an enabled check is removed from the template, it will also be disabled.

    You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.

    For more information on available audit checks, see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations.

    roleArn String
    The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
    auditNotificationTargetConfigurations AccountAuditConfigurationAuditNotificationTargetConfigurations
    Information about the targets to which audit notifications are sent.
    accountId string
    Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
    auditCheckConfigurations AccountAuditConfigurationAuditCheckConfigurations

    Specifies which audit checks are enabled and disabled for this account.

    Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the Enabled: key to false.

    If an enabled check is removed from the template, it will also be disabled.

    You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.

    For more information on available audit checks, see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations.

    roleArn string
    The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
    auditNotificationTargetConfigurations AccountAuditConfigurationAuditNotificationTargetConfigurations
    Information about the targets to which audit notifications are sent.
    account_id str
    Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
    audit_check_configurations AccountAuditConfigurationAuditCheckConfigurationsArgs

    Specifies which audit checks are enabled and disabled for this account.

    Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the Enabled: key to false.

    If an enabled check is removed from the template, it will also be disabled.

    You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.

    For more information on available audit checks, see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations.

    role_arn str
    The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
    audit_notification_target_configurations AccountAuditConfigurationAuditNotificationTargetConfigurationsArgs
    Information about the targets to which audit notifications are sent.
    accountId String
    Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
    auditCheckConfigurations Property Map

    Specifies which audit checks are enabled and disabled for this account.

    Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the Enabled: key to false.

    If an enabled check is removed from the template, it will also be disabled.

    You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.

    For more information on available audit checks, see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations.

    roleArn String
    The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
    auditNotificationTargetConfigurations Property Map
    Information about the targets to which audit notifications are sent.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AccountAuditConfiguration resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Supporting Types

    AccountAuditConfigurationAuditCheckConfiguration, AccountAuditConfigurationAuditCheckConfigurationArgs

    Enabled bool
    True if the check is enabled.
    Enabled bool
    True if the check is enabled.
    enabled Boolean
    True if the check is enabled.
    enabled boolean
    True if the check is enabled.
    enabled bool
    True if the check is enabled.
    enabled Boolean
    True if the check is enabled.

    AccountAuditConfigurationAuditCheckConfigurations, AccountAuditConfigurationAuditCheckConfigurationsArgs

    AuthenticatedCognitoRoleOverlyPermissiveCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
    Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.
    CaCertificateExpiringCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
    Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired.
    CaCertificateKeyQualityCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
    Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER.
    ConflictingClientIdsCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
    Checks if multiple devices connect using the same client ID.
    DeviceCertificateExpiringCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
    Checks if a device certificate is expiring. This check applies to device certificates expiring within 30 days or that have expired.
    DeviceCertificateKeyQualityCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
    Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.
    DeviceCertificateSharedCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
    Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT.
    IntermediateCaRevokedForActiveDeviceCertificatesCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
    Checks if device certificates are still active despite being revoked by an intermediate CA.
    IoTPolicyPotentialMisConfigurationCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
    Checks if an AWS IoT policy is potentially misconfigured. Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.
    IotPolicyOverlyPermissiveCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
    Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
    IotRoleAliasAllowsAccessToUnusedServicesCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
    Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
    IotRoleAliasOverlyPermissiveCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
    Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
    LoggingDisabledCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
    Checks if AWS IoT logs are disabled.
    RevokedCaCertificateStillActiveCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
    Checks if a revoked CA certificate is still active.
    RevokedDeviceCertificateStillActiveCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
    Checks if a revoked device certificate is still active.
    UnauthenticatedCognitoRoleOverlyPermissiveCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
    Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.
    AuthenticatedCognitoRoleOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.
    CaCertificateExpiringCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired.
    CaCertificateKeyQualityCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER.
    ConflictingClientIdsCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if multiple devices connect using the same client ID.
    DeviceCertificateExpiringCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if a device certificate is expiring. This check applies to device certificates expiring within 30 days or that have expired.
    DeviceCertificateKeyQualityCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.
    DeviceCertificateSharedCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT.
    IntermediateCaRevokedForActiveDeviceCertificatesCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if device certificates are still active despite being revoked by an intermediate CA.
    IoTPolicyPotentialMisConfigurationCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if an AWS IoT policy is potentially misconfigured. Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.
    IotPolicyOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
    IotRoleAliasAllowsAccessToUnusedServicesCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
    IotRoleAliasOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
    LoggingDisabledCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if AWS IoT logs are disabled.
    RevokedCaCertificateStillActiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if a revoked CA certificate is still active.
    RevokedDeviceCertificateStillActiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if a revoked device certificate is still active.
    UnauthenticatedCognitoRoleOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.
    authenticatedCognitoRoleOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.
    caCertificateExpiringCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired.
    caCertificateKeyQualityCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER.
    conflictingClientIdsCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if multiple devices connect using the same client ID.
    deviceCertificateExpiringCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if a device certificate is expiring. This check applies to device certificates expiring within 30 days or that have expired.
    deviceCertificateKeyQualityCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.
    deviceCertificateSharedCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT.
    intermediateCaRevokedForActiveDeviceCertificatesCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if device certificates are still active despite being revoked by an intermediate CA.
    ioTPolicyPotentialMisConfigurationCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if an AWS IoT policy is potentially misconfigured. Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.
    iotPolicyOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
    iotRoleAliasAllowsAccessToUnusedServicesCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
    iotRoleAliasOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
    loggingDisabledCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if AWS IoT logs are disabled.
    revokedCaCertificateStillActiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if a revoked CA certificate is still active.
    revokedDeviceCertificateStillActiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if a revoked device certificate is still active.
    unauthenticatedCognitoRoleOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.
    authenticatedCognitoRoleOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.
    caCertificateExpiringCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired.
    caCertificateKeyQualityCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER.
    conflictingClientIdsCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if multiple devices connect using the same client ID.
    deviceCertificateExpiringCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if a device certificate is expiring. This check applies to device certificates expiring within 30 days or that have expired.
    deviceCertificateKeyQualityCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.
    deviceCertificateSharedCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT.
    intermediateCaRevokedForActiveDeviceCertificatesCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if device certificates are still active despite being revoked by an intermediate CA.
    ioTPolicyPotentialMisConfigurationCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if an AWS IoT policy is potentially misconfigured. Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.
    iotPolicyOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
    iotRoleAliasAllowsAccessToUnusedServicesCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
    iotRoleAliasOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
    loggingDisabledCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if AWS IoT logs are disabled.
    revokedCaCertificateStillActiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if a revoked CA certificate is still active.
    revokedDeviceCertificateStillActiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if a revoked device certificate is still active.
    unauthenticatedCognitoRoleOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
    Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.
    authenticated_cognito_role_overly_permissive_check AccountAuditConfigurationAuditCheckConfiguration
    Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.
    ca_certificate_expiring_check AccountAuditConfigurationAuditCheckConfiguration
    Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired.
    ca_certificate_key_quality_check AccountAuditConfigurationAuditCheckConfiguration
    Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER.
    conflicting_client_ids_check AccountAuditConfigurationAuditCheckConfiguration
    Checks if multiple devices connect using the same client ID.
    device_certificate_expiring_check AccountAuditConfigurationAuditCheckConfiguration
    Checks if a device certificate is expiring. This check applies to device certificates expiring within 30 days or that have expired.
    device_certificate_key_quality_check AccountAuditConfigurationAuditCheckConfiguration
    Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.
    device_certificate_shared_check AccountAuditConfigurationAuditCheckConfiguration
    Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT.
    intermediate_ca_revoked_for_active_device_certificates_check AccountAuditConfigurationAuditCheckConfiguration
    Checks if device certificates are still active despite being revoked by an intermediate CA.
    io_t_policy_potential_mis_configuration_check AccountAuditConfigurationAuditCheckConfiguration
    Checks if an AWS IoT policy is potentially misconfigured. Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.
    iot_policy_overly_permissive_check AccountAuditConfigurationAuditCheckConfiguration
    Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
    iot_role_alias_allows_access_to_unused_services_check AccountAuditConfigurationAuditCheckConfiguration
    Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
    iot_role_alias_overly_permissive_check AccountAuditConfigurationAuditCheckConfiguration
    Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
    logging_disabled_check AccountAuditConfigurationAuditCheckConfiguration
    Checks if AWS IoT logs are disabled.
    revoked_ca_certificate_still_active_check AccountAuditConfigurationAuditCheckConfiguration
    Checks if a revoked CA certificate is still active.
    revoked_device_certificate_still_active_check AccountAuditConfigurationAuditCheckConfiguration
    Checks if a revoked device certificate is still active.
    unauthenticated_cognito_role_overly_permissive_check AccountAuditConfigurationAuditCheckConfiguration
    Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.
    authenticatedCognitoRoleOverlyPermissiveCheck Property Map
    Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.
    caCertificateExpiringCheck Property Map
    Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired.
    caCertificateKeyQualityCheck Property Map
    Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER.
    conflictingClientIdsCheck Property Map
    Checks if multiple devices connect using the same client ID.
    deviceCertificateExpiringCheck Property Map
    Checks if a device certificate is expiring. This check applies to device certificates expiring within 30 days or that have expired.
    deviceCertificateKeyQualityCheck Property Map
    Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.
    deviceCertificateSharedCheck Property Map
    Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT.
    intermediateCaRevokedForActiveDeviceCertificatesCheck Property Map
    Checks if device certificates are still active despite being revoked by an intermediate CA.
    ioTPolicyPotentialMisConfigurationCheck Property Map
    Checks if an AWS IoT policy is potentially misconfigured. Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.
    iotPolicyOverlyPermissiveCheck Property Map
    Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
    iotRoleAliasAllowsAccessToUnusedServicesCheck Property Map
    Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
    iotRoleAliasOverlyPermissiveCheck Property Map
    Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
    loggingDisabledCheck Property Map
    Checks if AWS IoT logs are disabled.
    revokedCaCertificateStillActiveCheck Property Map
    Checks if a revoked CA certificate is still active.
    revokedDeviceCertificateStillActiveCheck Property Map
    Checks if a revoked device certificate is still active.
    unauthenticatedCognitoRoleOverlyPermissiveCheck Property Map
    Checks if a policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.

    AccountAuditConfigurationAuditNotificationTarget, AccountAuditConfigurationAuditNotificationTargetArgs

    Enabled bool
    True if notifications to the target are enabled.
    RoleArn string
    The ARN of the role that grants permission to send notifications to the target.
    TargetArn string
    The ARN of the target (SNS topic) to which audit notifications are sent.
    Enabled bool
    True if notifications to the target are enabled.
    RoleArn string
    The ARN of the role that grants permission to send notifications to the target.
    TargetArn string
    The ARN of the target (SNS topic) to which audit notifications are sent.
    enabled Boolean
    True if notifications to the target are enabled.
    roleArn String
    The ARN of the role that grants permission to send notifications to the target.
    targetArn String
    The ARN of the target (SNS topic) to which audit notifications are sent.
    enabled boolean
    True if notifications to the target are enabled.
    roleArn string
    The ARN of the role that grants permission to send notifications to the target.
    targetArn string
    The ARN of the target (SNS topic) to which audit notifications are sent.
    enabled bool
    True if notifications to the target are enabled.
    role_arn str
    The ARN of the role that grants permission to send notifications to the target.
    target_arn str
    The ARN of the target (SNS topic) to which audit notifications are sent.
    enabled Boolean
    True if notifications to the target are enabled.
    roleArn String
    The ARN of the role that grants permission to send notifications to the target.
    targetArn String
    The ARN of the target (SNS topic) to which audit notifications are sent.

    AccountAuditConfigurationAuditNotificationTargetConfigurations, AccountAuditConfigurationAuditNotificationTargetConfigurationsArgs

    sns Property Map
    The SNS notification target.

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0