Interface CfnAccountAuditConfigurationProps
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnAccountAuditConfigurationProps.Jsii$Proxy
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)",
date="2023-06-19T16:29:57.518Z")
@Stability(Stable)
public interface CfnAccountAuditConfigurationProps
extends software.amazon.jsii.JsiiSerializable
Properties for defining a
CfnAccountAuditConfiguration
.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.iot.*; CfnAccountAuditConfigurationProps cfnAccountAuditConfigurationProps = CfnAccountAuditConfigurationProps.builder() .accountId("accountId") .auditCheckConfigurations(AuditCheckConfigurationsProperty.builder() .authenticatedCognitoRoleOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder() .enabled(false) .build()) .caCertificateExpiringCheck(AuditCheckConfigurationProperty.builder() .enabled(false) .build()) .caCertificateKeyQualityCheck(AuditCheckConfigurationProperty.builder() .enabled(false) .build()) .conflictingClientIdsCheck(AuditCheckConfigurationProperty.builder() .enabled(false) .build()) .deviceCertificateExpiringCheck(AuditCheckConfigurationProperty.builder() .enabled(false) .build()) .deviceCertificateKeyQualityCheck(AuditCheckConfigurationProperty.builder() .enabled(false) .build()) .deviceCertificateSharedCheck(AuditCheckConfigurationProperty.builder() .enabled(false) .build()) .intermediateCaRevokedForActiveDeviceCertificatesCheck(AuditCheckConfigurationProperty.builder() .enabled(false) .build()) .iotPolicyOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder() .enabled(false) .build()) .ioTPolicyPotentialMisConfigurationCheck(AuditCheckConfigurationProperty.builder() .enabled(false) .build()) .iotRoleAliasAllowsAccessToUnusedServicesCheck(AuditCheckConfigurationProperty.builder() .enabled(false) .build()) .iotRoleAliasOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder() .enabled(false) .build()) .loggingDisabledCheck(AuditCheckConfigurationProperty.builder() .enabled(false) .build()) .revokedCaCertificateStillActiveCheck(AuditCheckConfigurationProperty.builder() .enabled(false) .build()) .revokedDeviceCertificateStillActiveCheck(AuditCheckConfigurationProperty.builder() .enabled(false) .build()) .unauthenticatedCognitoRoleOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder() .enabled(false) .build()) .build()) .roleArn("roleArn") // the properties below are optional .auditNotificationTargetConfigurations(AuditNotificationTargetConfigurationsProperty.builder() .sns(AuditNotificationTargetProperty.builder() .enabled(false) .roleArn("roleArn") .targetArn("targetArn") .build()) .build()) .build();
-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic final class
A builder forCfnAccountAuditConfigurationProps
static final class
An implementation forCfnAccountAuditConfigurationProps
-
Method Summary
Modifier and TypeMethodDescriptionbuilder()
The ID of the account.Specifies which audit checks are enabled and disabled for this account.default Object
Information about the targets to which audit notifications are sent.The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getAccountId
The ID of the account.You can use the expression
!Sub "${AWS::AccountId}"
to use your account ID. -
getAuditCheckConfigurations
Specifies which audit checks are enabled and disabled for this account.Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the
Enabled:
key tofalse
.If an enabled check is removed from the template, it will also be disabled.
You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.
For more information on avialbe auidt checks see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations
-
getRoleArn
The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit. -
getAuditNotificationTargetConfigurations
Information about the targets to which audit notifications are sent. -
builder
-