software.amazon.awscdk.services.iot

Class CfnAccountAuditConfiguration

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.CfnElement

software.amazon.awscdk.CfnRefElement

software.amazon.awscdk.CfnResource

software.amazon.awscdk.services.iot.CfnAccountAuditConfiguration

All Implemented Interfaces:

IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.57.0 (build f614666)",
           date="2022-04-22T09:30:48.390Z")
 @Stability(value=Stable)
public class CfnAccountAuditConfiguration
extends CfnResource
implements IInspectable

A CloudFormation `AWS::IoT::AccountAuditConfiguration`.

Use the AWS::IoT::AccountAuditConfiguration resource to configure or reconfigure the Device Defender audit settings for your account. Settings include how audit notifications are sent and which audit checks are enabled or disabled. For API reference, see UpdateAccountAuditConfiguration and for detailed information on all available audit checks, see Audit checks .

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.iot.*;
 CfnAccountAuditConfiguration cfnAccountAuditConfiguration = CfnAccountAuditConfiguration.Builder.create(this, "MyCfnAccountAuditConfiguration")
         .accountId("accountId")
         .auditCheckConfigurations(AuditCheckConfigurationsProperty.builder()
                 .authenticatedCognitoRoleOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .caCertificateExpiringCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .caCertificateKeyQualityCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .conflictingClientIdsCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .deviceCertificateExpiringCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .deviceCertificateKeyQualityCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .deviceCertificateSharedCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .iotPolicyOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .iotRoleAliasAllowsAccessToUnusedServicesCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .iotRoleAliasOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .loggingDisabledCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .revokedCaCertificateStillActiveCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .revokedDeviceCertificateStillActiveCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .unauthenticatedCognitoRoleOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                         .enabled(false)
                         .build())
                 .build())
         .roleArn("roleArn")
         // the properties below are optional
         .auditNotificationTargetConfigurations(AuditNotificationTargetConfigurationsProperty.builder()
                 .sns(AuditNotificationTargetProperty.builder()
                         .enabled(false)
                         .roleArn("roleArn")
                         .targetArn("targetArn")
                         .build())
                 .build())
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	CfnAccountAuditConfiguration.AuditCheckConfigurationProperty Which audit checks are enabled and disabled for this account.
static interface	CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty The types of audit checks that can be performed.
static interface	CfnAccountAuditConfiguration.AuditNotificationTargetConfigurationsProperty The configuration of the audit notification target.
static interface	CfnAccountAuditConfiguration.AuditNotificationTargetProperty Information about the targets to which audit notifications are sent.
static class	CfnAccountAuditConfiguration.Builder A fluent builder for CfnAccountAuditConfiguration.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Field Summary

Fields

Modifier and Type	Field and Description
static String	CFN_RESOURCE_TYPE_NAME The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor and Description
	CfnAccountAuditConfiguration(software.constructs.Construct scope, String id, CfnAccountAuditConfigurationProps props) Create a new `AWS::IoT::AccountAuditConfiguration`.
protected	CfnAccountAuditConfiguration(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnAccountAuditConfiguration(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
String	getAccountId() The ID of the account.
Object	getAuditCheckConfigurations() Specifies which audit checks are enabled and disabled for this account.
Object	getAuditNotificationTargetConfigurations() Information about the targets to which audit notifications are sent.
protected Map<String,Object>	getCfnProperties()
String	getRoleArn() The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit.
void	inspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.
protected Map<String,Object>	renderProperties(Map<String,Object> props)
void	setAccountId(String value) The ID of the account.
void	setAuditCheckConfigurations(CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty value) Specifies which audit checks are enabled and disabled for this account.
void	setAuditCheckConfigurations(IResolvable value) Specifies which audit checks are enabled and disabled for this account.
void	setAuditNotificationTargetConfigurations(CfnAccountAuditConfiguration.AuditNotificationTargetConfigurationsProperty value) Information about the targets to which audit notifications are sent.
void	setAuditNotificationTargetConfigurations(IResolvable value) Information about the targets to which audit notifications are sent.
void	setRoleArn(String value) The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit.

Methods inherited from class software.amazon.awscdk.CfnResource

addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.constructs.Construct

getNode, isConstruct

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Field Detail

CFN_RESOURCE_TYPE_NAME

@Stability(value=Stable)
public static final String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Detail

CfnAccountAuditConfiguration

protected CfnAccountAuditConfiguration(software.amazon.jsii.JsiiObjectRef objRef)

CfnAccountAuditConfiguration

protected CfnAccountAuditConfiguration(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnAccountAuditConfiguration

@Stability(value=Stable)
public CfnAccountAuditConfiguration(@NotNull
                                                             software.constructs.Construct scope,
                                                             @NotNull
                                                             String id,
                                                             @NotNull
                                                             CfnAccountAuditConfigurationProps props)

Create a new `AWS::IoT::AccountAuditConfiguration`.

Parameters:

scope - - scope in which this resource is defined. This parameter is required.

id - - scoped id of the resource. This parameter is required.

props - - resource properties. This parameter is required.

Method Detail

inspect

@Stability(value=Stable)
public void inspect(@NotNull
                                             TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - - tree inspector to collect and process attributes. This parameter is required.

renderProperties

@Stability(value=Stable)
 @NotNull
protected Map<String,Object> renderProperties(@NotNull
                                                                                 Map<String,Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getCfnProperties

@Stability(value=Stable)
 @NotNull
protected Map<String,Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getAccountId

@Stability(value=Stable)
 @NotNull
public String getAccountId()

The ID of the account.

You can use the expression !Sub "${AWS::AccountId}" to use your account ID.

setAccountId

@Stability(value=Stable)
public void setAccountId(@NotNull
                                                  String value)

The ID of the account.

You can use the expression !Sub "${AWS::AccountId}" to use your account ID.

getAuditCheckConfigurations

@Stability(value=Stable)
 @NotNull
public Object getAuditCheckConfigurations()

Specifies which audit checks are enabled and disabled for this account.

Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the Enabled: key to false .

If an enabled check is removed from the template, it will also be disabled.

You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.

For more information on avialbe auidt checks see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations

setAuditCheckConfigurations

@Stability(value=Stable)
public void setAuditCheckConfigurations(@NotNull
                                                                 CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty value)

Specifies which audit checks are enabled and disabled for this account.

Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the Enabled: key to false .

If an enabled check is removed from the template, it will also be disabled.

You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.

For more information on avialbe auidt checks see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations

setAuditCheckConfigurations

@Stability(value=Stable)
public void setAuditCheckConfigurations(@NotNull
                                                                 IResolvable value)

Specifies which audit checks are enabled and disabled for this account.

Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the Enabled: key to false .

If an enabled check is removed from the template, it will also be disabled.

You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.

For more information on avialbe auidt checks see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations

getRoleArn

@Stability(value=Stable)
 @NotNull
public String getRoleArn()

The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit.

setRoleArn

@Stability(value=Stable)
public void setRoleArn(@NotNull
                                                String value)

The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit.

getAuditNotificationTargetConfigurations

@Stability(value=Stable)
 @Nullable
public Object getAuditNotificationTargetConfigurations()

Information about the targets to which audit notifications are sent.

setAuditNotificationTargetConfigurations

@Stability(value=Stable)
public void setAuditNotificationTargetConfigurations(@Nullable
                                                                              CfnAccountAuditConfiguration.AuditNotificationTargetConfigurationsProperty value)

Information about the targets to which audit notifications are sent.

setAuditNotificationTargetConfigurations

@Stability(value=Stable)
public void setAuditNotificationTargetConfigurations(@Nullable
                                                                              IResolvable value)

Information about the targets to which audit notifications are sent.