Class: AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationsProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
io_t/cfn_account_audit_configuration.rb

Overview

The types of audit checks that can be performed.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(authenticated_cognito_role_overly_permissive_check: nil, ca_certificate_expiring_check: nil, ca_certificate_key_quality_check: nil, conflicting_client_ids_check: nil, device_certificate_age_check: nil, device_certificate_expiring_check: nil, device_certificate_key_quality_check: nil, device_certificate_shared_check: nil, intermediate_ca_revoked_for_active_device_certificates_check: nil, iot_policy_overly_permissive_check: nil, io_t_policy_potential_mis_configuration_check: nil, iot_role_alias_allows_access_to_unused_services_check: nil, iot_role_alias_overly_permissive_check: nil, logging_disabled_check: nil, revoked_ca_certificate_still_active_check: nil, revoked_device_certificate_still_active_check: nil, unauthenticated_cognito_role_overly_permissive_check: nil) ⇒ AuditCheckConfigurationsProperty

Returns a new instance of AuditCheckConfigurationsProperty.

Parameters:



584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
# File 'io_t/cfn_account_audit_configuration.rb', line 584

def initialize(authenticated_cognito_role_overly_permissive_check: nil, ca_certificate_expiring_check: nil, ca_certificate_key_quality_check: nil, conflicting_client_ids_check: nil, device_certificate_age_check: nil, device_certificate_expiring_check: nil, device_certificate_key_quality_check: nil, device_certificate_shared_check: nil, intermediate_ca_revoked_for_active_device_certificates_check: nil, iot_policy_overly_permissive_check: nil, io_t_policy_potential_mis_configuration_check: nil, iot_role_alias_allows_access_to_unused_services_check: nil, iot_role_alias_overly_permissive_check: nil, logging_disabled_check: nil, revoked_ca_certificate_still_active_check: nil, revoked_device_certificate_still_active_check: nil, unauthenticated_cognito_role_overly_permissive_check: nil)
  @authenticated_cognito_role_overly_permissive_check = authenticated_cognito_role_overly_permissive_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**authenticated_cognito_role_overly_permissive_check.transform_keys(&:to_sym)) : authenticated_cognito_role_overly_permissive_check
  Jsii::Type.check_type(@authenticated_cognito_role_overly_permissive_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "authenticatedCognitoRoleOverlyPermissiveCheck") unless @authenticated_cognito_role_overly_permissive_check.nil?
  @ca_certificate_expiring_check = ca_certificate_expiring_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**ca_certificate_expiring_check.transform_keys(&:to_sym)) : ca_certificate_expiring_check
  Jsii::Type.check_type(@ca_certificate_expiring_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "caCertificateExpiringCheck") unless @ca_certificate_expiring_check.nil?
  @ca_certificate_key_quality_check = ca_certificate_key_quality_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**ca_certificate_key_quality_check.transform_keys(&:to_sym)) : ca_certificate_key_quality_check
  Jsii::Type.check_type(@ca_certificate_key_quality_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "caCertificateKeyQualityCheck") unless @ca_certificate_key_quality_check.nil?
  @conflicting_client_ids_check = conflicting_client_ids_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**conflicting_client_ids_check.transform_keys(&:to_sym)) : conflicting_client_ids_check
  Jsii::Type.check_type(@conflicting_client_ids_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "conflictingClientIdsCheck") unless @conflicting_client_ids_check.nil?
  @device_certificate_age_check = device_certificate_age_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::DeviceCertAgeAuditCheckConfigurationProperty.new(**device_certificate_age_check.transform_keys(&:to_sym)) : device_certificate_age_check
  Jsii::Type.check_type(@device_certificate_age_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5EZXZpY2VDZXJ0QWdlQXVkaXRDaGVja0NvbmZpZ3VyYXRpb25Qcm9wZXJ0eSJ9XX19")), "deviceCertificateAgeCheck") unless @device_certificate_age_check.nil?
  @device_certificate_expiring_check = device_certificate_expiring_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**device_certificate_expiring_check.transform_keys(&:to_sym)) : device_certificate_expiring_check
  Jsii::Type.check_type(@device_certificate_expiring_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "deviceCertificateExpiringCheck") unless @device_certificate_expiring_check.nil?
  @device_certificate_key_quality_check = device_certificate_key_quality_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**device_certificate_key_quality_check.transform_keys(&:to_sym)) : device_certificate_key_quality_check
  Jsii::Type.check_type(@device_certificate_key_quality_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "deviceCertificateKeyQualityCheck") unless @device_certificate_key_quality_check.nil?
  @device_certificate_shared_check = device_certificate_shared_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**device_certificate_shared_check.transform_keys(&:to_sym)) : device_certificate_shared_check
  Jsii::Type.check_type(@device_certificate_shared_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "deviceCertificateSharedCheck") unless @device_certificate_shared_check.nil?
  @intermediate_ca_revoked_for_active_device_certificates_check = intermediate_ca_revoked_for_active_device_certificates_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**intermediate_ca_revoked_for_active_device_certificates_check.transform_keys(&:to_sym)) : intermediate_ca_revoked_for_active_device_certificates_check
  Jsii::Type.check_type(@intermediate_ca_revoked_for_active_device_certificates_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "intermediateCaRevokedForActiveDeviceCertificatesCheck") unless @intermediate_ca_revoked_for_active_device_certificates_check.nil?
  @iot_policy_overly_permissive_check = iot_policy_overly_permissive_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**iot_policy_overly_permissive_check.transform_keys(&:to_sym)) : iot_policy_overly_permissive_check
  Jsii::Type.check_type(@iot_policy_overly_permissive_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "iotPolicyOverlyPermissiveCheck") unless @iot_policy_overly_permissive_check.nil?
  @io_t_policy_potential_mis_configuration_check = io_t_policy_potential_mis_configuration_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**io_t_policy_potential_mis_configuration_check.transform_keys(&:to_sym)) : io_t_policy_potential_mis_configuration_check
  Jsii::Type.check_type(@io_t_policy_potential_mis_configuration_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "ioTPolicyPotentialMisConfigurationCheck") unless @io_t_policy_potential_mis_configuration_check.nil?
  @iot_role_alias_allows_access_to_unused_services_check = iot_role_alias_allows_access_to_unused_services_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**iot_role_alias_allows_access_to_unused_services_check.transform_keys(&:to_sym)) : iot_role_alias_allows_access_to_unused_services_check
  Jsii::Type.check_type(@iot_role_alias_allows_access_to_unused_services_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "iotRoleAliasAllowsAccessToUnusedServicesCheck") unless @iot_role_alias_allows_access_to_unused_services_check.nil?
  @iot_role_alias_overly_permissive_check = iot_role_alias_overly_permissive_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**iot_role_alias_overly_permissive_check.transform_keys(&:to_sym)) : iot_role_alias_overly_permissive_check
  Jsii::Type.check_type(@iot_role_alias_overly_permissive_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "iotRoleAliasOverlyPermissiveCheck") unless @iot_role_alias_overly_permissive_check.nil?
  @logging_disabled_check = logging_disabled_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**logging_disabled_check.transform_keys(&:to_sym)) : logging_disabled_check
  Jsii::Type.check_type(@logging_disabled_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "loggingDisabledCheck") unless @logging_disabled_check.nil?
  @revoked_ca_certificate_still_active_check = revoked_ca_certificate_still_active_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**revoked_ca_certificate_still_active_check.transform_keys(&:to_sym)) : revoked_ca_certificate_still_active_check
  Jsii::Type.check_type(@revoked_ca_certificate_still_active_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "revokedCaCertificateStillActiveCheck") unless @revoked_ca_certificate_still_active_check.nil?
  @revoked_device_certificate_still_active_check = revoked_device_certificate_still_active_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**revoked_device_certificate_still_active_check.transform_keys(&:to_sym)) : revoked_device_certificate_still_active_check
  Jsii::Type.check_type(@revoked_device_certificate_still_active_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "revokedDeviceCertificateStillActiveCheck") unless @revoked_device_certificate_still_active_check.nil?
  @unauthenticated_cognito_role_overly_permissive_check = unauthenticated_cognito_role_overly_permissive_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**unauthenticated_cognito_role_overly_permissive_check.transform_keys(&:to_sym)) : unauthenticated_cognito_role_overly_permissive_check
  Jsii::Type.check_type(@unauthenticated_cognito_role_overly_permissive_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "unauthenticatedCognitoRoleOverlyPermissiveCheck") unless @unauthenticated_cognito_role_overly_permissive_check.nil?
end

Instance Attribute Details

#authenticated_cognito_role_overly_permissive_checkAWSCDK::IResolvable, ... (readonly)

Checks the permissiveness of an authenticated Amazon Cognito identity pool role.

For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.



627
628
629
# File 'io_t/cfn_account_audit_configuration.rb', line 627

def authenticated_cognito_role_overly_permissive_check
  @authenticated_cognito_role_overly_permissive_check
end

#ca_certificate_expiring_checkAWSCDK::IResolvable, ... (readonly)

Checks if a CA certificate is expiring.

This check applies to CA certificates expiring within 30 days or that have expired.



634
635
636
# File 'io_t/cfn_account_audit_configuration.rb', line 634

def ca_certificate_expiring_check
  @ca_certificate_expiring_check
end

#ca_certificate_key_quality_checkAWSCDK::IResolvable, ... (readonly)

Checks the quality of the CA certificate key.

The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER .



641
642
643
# File 'io_t/cfn_account_audit_configuration.rb', line 641

def ca_certificate_key_quality_check
  @ca_certificate_key_quality_check
end

#conflicting_client_ids_checkAWSCDK::IResolvable, ... (readonly)

Checks if multiple devices connect using the same client ID.



646
647
648
# File 'io_t/cfn_account_audit_configuration.rb', line 646

def conflicting_client_ids_check
  @conflicting_client_ids_check
end

#device_certificate_age_checkAWSCDK::IResolvable, ... (readonly)

Checks when a device certificate has been active for a number of days greater than or equal to the number you specify.



651
652
653
# File 'io_t/cfn_account_audit_configuration.rb', line 651

def device_certificate_age_check
  @device_certificate_age_check
end

#device_certificate_expiring_checkAWSCDK::IResolvable, ... (readonly)

Checks if a device certificate is expiring.

By default, this check applies to device certificates expiring within 30 days or that have expired. You can modify this threshold by configuring the DeviceCertExpirationAuditCheckConfiguration.



658
659
660
# File 'io_t/cfn_account_audit_configuration.rb', line 658

def device_certificate_expiring_check
  @device_certificate_expiring_check
end

#device_certificate_key_quality_checkAWSCDK::IResolvable, ... (readonly)

Checks the quality of the device certificate key.

The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.



665
666
667
# File 'io_t/cfn_account_audit_configuration.rb', line 665

def device_certificate_key_quality_check
  @device_certificate_key_quality_check
end

#device_certificate_shared_checkAWSCDK::IResolvable, ... (readonly)

Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .



670
671
672
# File 'io_t/cfn_account_audit_configuration.rb', line 670

def device_certificate_shared_check
  @device_certificate_shared_check
end

#intermediate_ca_revoked_for_active_device_certificates_checkAWSCDK::IResolvable, ... (readonly)

Checks if device certificates are still active despite being revoked by an intermediate CA.



675
676
677
# File 'io_t/cfn_account_audit_configuration.rb', line 675

def intermediate_ca_revoked_for_active_device_certificates_check
  @intermediate_ca_revoked_for_active_device_certificates_check
end

#io_t_policy_potential_mis_configuration_checkAWSCDK::IResolvable, ... (readonly)

Checks if an AWS IoT policy is potentially misconfigured.

Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.



687
688
689
# File 'io_t/cfn_account_audit_configuration.rb', line 687

def io_t_policy_potential_mis_configuration_check
  @io_t_policy_potential_mis_configuration_check
end

#iot_policy_overly_permissive_checkAWSCDK::IResolvable, ... (readonly)

Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.



680
681
682
# File 'io_t/cfn_account_audit_configuration.rb', line 680

def iot_policy_overly_permissive_check
  @iot_policy_overly_permissive_check
end

#iot_role_alias_allows_access_to_unused_services_checkAWSCDK::IResolvable, ... (readonly)

Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.



692
693
694
# File 'io_t/cfn_account_audit_configuration.rb', line 692

def iot_role_alias_allows_access_to_unused_services_check
  @iot_role_alias_allows_access_to_unused_services_check
end

#iot_role_alias_overly_permissive_checkAWSCDK::IResolvable, ... (readonly)

Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.



697
698
699
# File 'io_t/cfn_account_audit_configuration.rb', line 697

def iot_role_alias_overly_permissive_check
  @iot_role_alias_overly_permissive_check
end

#logging_disabled_checkAWSCDK::IResolvable, ... (readonly)

Checks if AWS IoT logs are disabled.



702
703
704
# File 'io_t/cfn_account_audit_configuration.rb', line 702

def logging_disabled_check
  @logging_disabled_check
end

#revoked_ca_certificate_still_active_checkAWSCDK::IResolvable, ... (readonly)

Checks if a revoked CA certificate is still active.



707
708
709
# File 'io_t/cfn_account_audit_configuration.rb', line 707

def revoked_ca_certificate_still_active_check
  @revoked_ca_certificate_still_active_check
end

#revoked_device_certificate_still_active_checkAWSCDK::IResolvable, ... (readonly)

Checks if a revoked device certificate is still active.



712
713
714
# File 'io_t/cfn_account_audit_configuration.rb', line 712

def revoked_device_certificate_still_active_check
  @revoked_device_certificate_still_active_check
end

#unauthenticated_cognito_role_overly_permissive_checkAWSCDK::IResolvable, ... (readonly)

Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.



717
718
719
# File 'io_t/cfn_account_audit_configuration.rb', line 717

def unauthenticated_cognito_role_overly_permissive_check
  @unauthenticated_cognito_role_overly_permissive_check
end

Class Method Details

.jsii_propertiesObject



719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
# File 'io_t/cfn_account_audit_configuration.rb', line 719

def self.jsii_properties
  {
    :authenticated_cognito_role_overly_permissive_check => "authenticatedCognitoRoleOverlyPermissiveCheck",
    :ca_certificate_expiring_check => "caCertificateExpiringCheck",
    :ca_certificate_key_quality_check => "caCertificateKeyQualityCheck",
    :conflicting_client_ids_check => "conflictingClientIdsCheck",
    :device_certificate_age_check => "deviceCertificateAgeCheck",
    :device_certificate_expiring_check => "deviceCertificateExpiringCheck",
    :device_certificate_key_quality_check => "deviceCertificateKeyQualityCheck",
    :device_certificate_shared_check => "deviceCertificateSharedCheck",
    :intermediate_ca_revoked_for_active_device_certificates_check => "intermediateCaRevokedForActiveDeviceCertificatesCheck",
    :iot_policy_overly_permissive_check => "iotPolicyOverlyPermissiveCheck",
    :io_t_policy_potential_mis_configuration_check => "ioTPolicyPotentialMisConfigurationCheck",
    :iot_role_alias_allows_access_to_unused_services_check => "iotRoleAliasAllowsAccessToUnusedServicesCheck",
    :iot_role_alias_overly_permissive_check => "iotRoleAliasOverlyPermissiveCheck",
    :logging_disabled_check => "loggingDisabledCheck",
    :revoked_ca_certificate_still_active_check => "revokedCaCertificateStillActiveCheck",
    :revoked_device_certificate_still_active_check => "revokedDeviceCertificateStillActiveCheck",
    :unauthenticated_cognito_role_overly_permissive_check => "unauthenticatedCognitoRoleOverlyPermissiveCheck",
  }
end

Instance Method Details

#to_jsiiObject



741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
# File 'io_t/cfn_account_audit_configuration.rb', line 741

def to_jsii
  result = {}
  result.merge!({
    "authenticatedCognitoRoleOverlyPermissiveCheck" => @authenticated_cognito_role_overly_permissive_check,
    "caCertificateExpiringCheck" => @ca_certificate_expiring_check,
    "caCertificateKeyQualityCheck" => @ca_certificate_key_quality_check,
    "conflictingClientIdsCheck" => @conflicting_client_ids_check,
    "deviceCertificateAgeCheck" => @device_certificate_age_check,
    "deviceCertificateExpiringCheck" => @device_certificate_expiring_check,
    "deviceCertificateKeyQualityCheck" => @device_certificate_key_quality_check,
    "deviceCertificateSharedCheck" => @device_certificate_shared_check,
    "intermediateCaRevokedForActiveDeviceCertificatesCheck" => @intermediate_ca_revoked_for_active_device_certificates_check,
    "iotPolicyOverlyPermissiveCheck" => @iot_policy_overly_permissive_check,
    "ioTPolicyPotentialMisConfigurationCheck" => @io_t_policy_potential_mis_configuration_check,
    "iotRoleAliasAllowsAccessToUnusedServicesCheck" => @iot_role_alias_allows_access_to_unused_services_check,
    "iotRoleAliasOverlyPermissiveCheck" => @iot_role_alias_overly_permissive_check,
    "loggingDisabledCheck" => @logging_disabled_check,
    "revokedCaCertificateStillActiveCheck" => @revoked_ca_certificate_still_active_check,
    "revokedDeviceCertificateStillActiveCheck" => @revoked_device_certificate_still_active_check,
    "unauthenticatedCognitoRoleOverlyPermissiveCheck" => @unauthenticated_cognito_role_overly_permissive_check,
  })
  result.compact
end