Class CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

The types of audit checks that can be performed.

Inheritance
System.Object
CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty
Implements
CfnAccountAuditConfiguration.IAuditCheckConfigurationsProperty
Namespace: Amazon.CDK.AWS.IoT
Assembly: Amazon.CDK.AWS.IoT.dll
Syntax (csharp)
public class AuditCheckConfigurationsProperty : Object, CfnAccountAuditConfiguration.IAuditCheckConfigurationsProperty
Syntax (vb)
Public Class AuditCheckConfigurationsProperty
    Inherits Object
    Implements CfnAccountAuditConfiguration.IAuditCheckConfigurationsProperty
Remarks

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html

Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
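using Amazon.CDK.AWS.IoT;
// The property types are nested in CfnAccountAuditConfiguration; import them so the short names below resolve.
using static Amazon.CDK.AWS.IoT.CfnAccountAuditConfiguration;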

var auditCheckConfigurationsProperty = new AuditCheckConfigurationsProperty {
    AuthenticatedCognitoRoleOverlyPermissiveCheck = new AuditCheckConfigurationProperty {
        Enabled = false
    },
    CaCertificateExpiringCheck = new AuditCheckConfigurationProperty {
        Enabled = false
    },
    CaCertificateKeyQualityCheck = new AuditCheckConfigurationProperty {
        Enabled = false
    },
    ConflictingClientIdsCheck = new AuditCheckConfigurationProperty {
        Enabled = false
    },
    DeviceCertificateExpiringCheck = new AuditCheckConfigurationProperty {
        Enabled = false
    },
    DeviceCertificateKeyQualityCheck = new AuditCheckConfigurationProperty {
        Enabled = false
    },
    DeviceCertificateSharedCheck = new AuditCheckConfigurationProperty {
        Enabled = false
    },
    IntermediateCaRevokedForActiveDeviceCertificatesCheck = new AuditCheckConfigurationProperty {
        Enabled = false
    },
    IotPolicyOverlyPermissiveCheck = new AuditCheckConfigurationProperty {
        Enabled = false
    },
    IoTPolicyPotentialMisConfigurationCheck = new AuditCheckConfigurationProperty {
        Enabled = false
    },
    IotRoleAliasAllowsAccessToUnusedServicesCheck = new AuditCheckConfigurationProperty {
        Enabled = false
    },
    IotRoleAliasOverlyPermissiveCheck = new AuditCheckConfigurationProperty {
        Enabled = false
    },
    LoggingDisabledCheck = new AuditCheckConfigurationProperty {
        Enabled = false
    },
    RevokedCaCertificateStillActiveCheck = new AuditCheckConfigurationProperty {
        Enabled = false
    },
    RevokedDeviceCertificateStillActiveCheck = new AuditCheckConfigurationProperty {
        Enabled = false
    },
    UnauthenticatedCognitoRoleOverlyPermissiveCheck = new AuditCheckConfigurationProperty {
        Enabled = false
    }
};
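
The generated sample above sets every check to Enabled = false, which leaves the audit with nothing to evaluate. The following added example (not part of the generated CDK documentation) turns on all sixteen checks and attaches them to a CfnAccountAuditConfiguration resource; the class name DeviceDefenderAudit, the helper On(), the construct id and the auditRoleArn parameter are assumptions made for illustration.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.IoT;

public static class DeviceDefenderAudit
{
    // Hypothetical helper (not a CDK API): a single check, switched on.
    private static CfnAccountAuditConfiguration.AuditCheckConfigurationProperty On() =>
        new CfnAccountAuditConfiguration.AuditCheckConfigurationProperty { Enabled = true };

    // Hypothetical helper: adds the account-level audit configuration to `stack`.
    // auditRoleArn (assumed to exist already) is the role AWS IoT uses to read
    // devices, policies and certificates while an audit runs.
    public static CfnAccountAuditConfiguration Enable(Stack stack, string auditRoleArn)
    {
        var checks = new CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty
        {
            // Certificate lifetime and key quality
            CaCertificateExpiringCheck = On(),
            CaCertificateKeyQualityCheck = On(),
            DeviceCertificateExpiringCheck = On(),
            DeviceCertificateKeyQualityCheck = On(),
            // Revocation state
            RevokedCaCertificateStillActiveCheck = On(),
            RevokedDeviceCertificateStillActiveCheck = On(),
            IntermediateCaRevokedForActiveDeviceCertificatesCheck = On(),
            // Shared or cloned device identities
            ConflictingClientIdsCheck = On(),
            DeviceCertificateSharedCheck = On(),
            // Policy and role permissiveness
            IotPolicyOverlyPermissiveCheck = On(),
            IoTPolicyPotentialMisConfigurationCheck = On(),
            IotRoleAliasOverlyPermissiveCheck = On(),
            IotRoleAliasAllowsAccessToUnusedServicesCheck = On(),
            AuthenticatedCognitoRoleOverlyPermissiveCheck = On(),
            UnauthenticatedCognitoRoleOverlyPermissiveCheck = On(),
            // Visibility
            LoggingDisabledCheck = On()
        };

        return new CfnAccountAuditConfiguration(stack, "AccountAuditConfiguration",
            new CfnAccountAuditConfigurationProps
            {
                AccountId = stack.Account,
                RoleArn = auditRoleArn,
                AuditCheckConfigurations = checks
            });
    }
}
```

Call DeviceDefenderAudit.Enable(this, roleArn) from a stack constructor; any check left unset in AuditCheckConfigurationsProperty is simply not configured by this resource.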

Synopsis

Constructors

AuditCheckConfigurationsProperty()

Properties

AuthenticatedCognitoRoleOverlyPermissiveCheck

Checks the permissiveness of an authenticated Amazon Cognito identity pool role.

CaCertificateExpiringCheck

Checks if a CA certificate is expiring.

CaCertificateKeyQualityCheck

Checks the quality of the CA certificate key.

ConflictingClientIdsCheck

Checks if multiple devices connect using the same client ID.

DeviceCertificateExpiringCheck

Checks if a device certificate is expiring.

DeviceCertificateKeyQualityCheck

Checks the quality of the device certificate key.

DeviceCertificateSharedCheck

Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT.

IntermediateCaRevokedForActiveDeviceCertificatesCheck

CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.IntermediateCaRevokedForActiveDeviceCertificatesCheck.

IotPolicyOverlyPermissiveCheck

Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.

IoTPolicyPotentialMisConfigurationCheck

CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.IoTPolicyPotentialMisConfigurationCheck.

IotRoleAliasAllowsAccessToUnusedServicesCheck

Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.

IotRoleAliasOverlyPermissiveCheck

Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.

LoggingDisabledCheck

Checks if AWS IoT logs are disabled.

RevokedCaCertificateStillActiveCheck

Checks if a revoked CA certificate is still active.

RevokedDeviceCertificateStillActiveCheck

Checks if a revoked device certificate is still active.

UnauthenticatedCognitoRoleOverlyPermissiveCheck

Checks if the policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.

Constructors

AuditCheckConfigurationsProperty()

public AuditCheckConfigurationsProperty()

Properties

AuthenticatedCognitoRoleOverlyPermissiveCheck

Checks the permissiveness of an authenticated Amazon Cognito identity pool role.

public object AuthenticatedCognitoRoleOverlyPermissiveCheck { get; set; }
Property Value

System.Object

Remarks

For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-authenticatedcognitoroleoverlypermissivecheck

CaCertificateExpiringCheck

Checks if a CA certificate is expiring.

public object CaCertificateExpiringCheck { get; set; }
Property Value

System.Object

Remarks

This check applies to CA certificates expiring within 30 days or that have expired.

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-cacertificateexpiringcheck

CaCertificateKeyQualityCheck

Checks the quality of the CA certificate key.

public object CaCertificateKeyQualityCheck { get; set; }
Property Value

System.Object

Remarks

The quality check verifies that the key is in a valid format, is not expired, and meets a minimum required size. This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER.

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-cacertificatekeyqualitycheck

ConflictingClientIdsCheck

Checks if multiple devices connect using the same client ID.

public object ConflictingClientIdsCheck { get; set; }
Property Value

System.Object

Remarks

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-conflictingclientidscheck

DeviceCertificateExpiringCheck

Checks if a device certificate is expiring.

public object DeviceCertificateExpiringCheck { get; set; }
Property Value

System.Object

Remarks

This check applies to device certificates expiring within 30 days or that have expired.

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificateexpiringcheck

DeviceCertificateKeyQualityCheck

Checks the quality of the device certificate key.

public object DeviceCertificateKeyQualityCheck { get; set; }
Property Value

System.Object

Remarks

The quality check verifies that the key is in a valid format, is not expired, is signed by a registered certificate authority, and meets a minimum required size.

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificatekeyqualitycheck

DeviceCertificateSharedCheck

Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT.

public object DeviceCertificateSharedCheck { get; set; }
Property Value

System.Object

Remarks

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificatesharedcheck

IntermediateCaRevokedForActiveDeviceCertificatesCheck

CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.IntermediateCaRevokedForActiveDeviceCertificatesCheck.

public object IntermediateCaRevokedForActiveDeviceCertificatesCheck { get; set; }
Property Value

System.Object

Remarks

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-intermediatecarevokedforactivedevicecertificatescheck

IotPolicyOverlyPermissiveCheck

Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.

public object IotPolicyOverlyPermissiveCheck { get; set; }
Property Value

System.Object

Remarks

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotpolicyoverlypermissivecheck

IoTPolicyPotentialMisConfigurationCheck

CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.IoTPolicyPotentialMisConfigurationCheck.

public object IoTPolicyPotentialMisConfigurationCheck { get; set; }
Property Value

System.Object

Remarks

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotpolicypotentialmisconfigurationcheck

IotRoleAliasAllowsAccessToUnusedServicesCheck

Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.

public object IotRoleAliasAllowsAccessToUnusedServicesCheck { get; set; }
Property Value

System.Object

Remarks

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotrolealiasallowsaccesstounusedservicescheck

IotRoleAliasOverlyPermissiveCheck

Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.

public object IotRoleAliasOverlyPermissiveCheck { get; set; }
Property Value

System.Object

Remarks

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotrolealiasoverlypermissivecheck

LoggingDisabledCheck

Checks if AWS IoT logs are disabled.

public object LoggingDisabledCheck { get; set; }
Property Value

System.Object

Remarks

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-loggingdisabledcheck

RevokedCaCertificateStillActiveCheck

Checks if a revoked CA certificate is still active.

public object RevokedCaCertificateStillActiveCheck { get; set; }
Property Value

System.Object

Remarks

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-revokedcacertificatestillactivecheck

RevokedDeviceCertificateStillActiveCheck

Checks if a revoked device certificate is still active.

public object RevokedDeviceCertificateStillActiveCheck { get; set; }
Property Value

System.Object

Remarks

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-revokeddevicecertificatestillactivecheck

UnauthenticatedCognitoRoleOverlyPermissiveCheck

Checks if the policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.

public object UnauthenticatedCognitoRoleOverlyPermissiveCheck { get; set; }
Property Value

System.Object

Remarks

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-unauthenticatedcognitoroleoverlypermissivecheck

Implements

CfnAccountAuditConfiguration.IAuditCheckConfigurationsProperty