Class: AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationsProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationsProperty
- Defined in:
- io_t/cfn_account_audit_configuration.rb
Overview
The types of audit checks that can be performed.
Instance Attribute Summary collapse
-
#authenticated_cognito_role_overly_permissive_check ⇒ AWSCDK::IResolvable, ...
readonly
Checks the permissiveness of an authenticated Amazon Cognito identity pool role.
-
#ca_certificate_expiring_check ⇒ AWSCDK::IResolvable, ...
readonly
Checks if a CA certificate is expiring.
-
#ca_certificate_key_quality_check ⇒ AWSCDK::IResolvable, ...
readonly
Checks the quality of the CA certificate key.
-
#conflicting_client_ids_check ⇒ AWSCDK::IResolvable, ...
readonly
Checks if multiple devices connect using the same client ID.
-
#device_certificate_age_check ⇒ AWSCDK::IResolvable, ...
readonly
Checks when a device certificate has been active for a number of days greater than or equal to the number you specify.
-
#device_certificate_expiring_check ⇒ AWSCDK::IResolvable, ...
readonly
Checks if a device certificate is expiring.
-
#device_certificate_key_quality_check ⇒ AWSCDK::IResolvable, ...
readonly
Checks the quality of the device certificate key.
-
#device_certificate_shared_check ⇒ AWSCDK::IResolvable, ...
readonly
Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .
-
#intermediate_ca_revoked_for_active_device_certificates_check ⇒ AWSCDK::IResolvable, ...
readonly
Checks if device certificates are still active despite being revoked by an intermediate CA.
-
#io_t_policy_potential_mis_configuration_check ⇒ AWSCDK::IResolvable, ...
readonly
Checks if an AWS IoT policy is potentially misconfigured.
-
#iot_policy_overly_permissive_check ⇒ AWSCDK::IResolvable, ...
readonly
Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
-
#iot_role_alias_allows_access_to_unused_services_check ⇒ AWSCDK::IResolvable, ...
readonly
Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
-
#iot_role_alias_overly_permissive_check ⇒ AWSCDK::IResolvable, ...
readonly
Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
-
#logging_disabled_check ⇒ AWSCDK::IResolvable, ...
readonly
Checks if AWS IoT logs are disabled.
-
#revoked_ca_certificate_still_active_check ⇒ AWSCDK::IResolvable, ...
readonly
Checks if a revoked CA certificate is still active.
-
#revoked_device_certificate_still_active_check ⇒ AWSCDK::IResolvable, ...
readonly
Checks if a revoked device certificate is still active.
-
#unauthenticated_cognito_role_overly_permissive_check ⇒ AWSCDK::IResolvable, ...
readonly
Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(authenticated_cognito_role_overly_permissive_check: nil, ca_certificate_expiring_check: nil, ca_certificate_key_quality_check: nil, conflicting_client_ids_check: nil, device_certificate_age_check: nil, device_certificate_expiring_check: nil, device_certificate_key_quality_check: nil, device_certificate_shared_check: nil, intermediate_ca_revoked_for_active_device_certificates_check: nil, iot_policy_overly_permissive_check: nil, io_t_policy_potential_mis_configuration_check: nil, iot_role_alias_allows_access_to_unused_services_check: nil, iot_role_alias_overly_permissive_check: nil, logging_disabled_check: nil, revoked_ca_certificate_still_active_check: nil, revoked_device_certificate_still_active_check: nil, unauthenticated_cognito_role_overly_permissive_check: nil) ⇒ AuditCheckConfigurationsProperty
constructor
A new instance of AuditCheckConfigurationsProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(authenticated_cognito_role_overly_permissive_check: nil, ca_certificate_expiring_check: nil, ca_certificate_key_quality_check: nil, conflicting_client_ids_check: nil, device_certificate_age_check: nil, device_certificate_expiring_check: nil, device_certificate_key_quality_check: nil, device_certificate_shared_check: nil, intermediate_ca_revoked_for_active_device_certificates_check: nil, iot_policy_overly_permissive_check: nil, io_t_policy_potential_mis_configuration_check: nil, iot_role_alias_allows_access_to_unused_services_check: nil, iot_role_alias_overly_permissive_check: nil, logging_disabled_check: nil, revoked_ca_certificate_still_active_check: nil, revoked_device_certificate_still_active_check: nil, unauthenticated_cognito_role_overly_permissive_check: nil) ⇒ AuditCheckConfigurationsProperty
Returns a new instance of AuditCheckConfigurationsProperty.
584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 |
# File 'io_t/cfn_account_audit_configuration.rb', line 584 def initialize(authenticated_cognito_role_overly_permissive_check: nil, ca_certificate_expiring_check: nil, ca_certificate_key_quality_check: nil, conflicting_client_ids_check: nil, device_certificate_age_check: nil, device_certificate_expiring_check: nil, device_certificate_key_quality_check: nil, device_certificate_shared_check: nil, intermediate_ca_revoked_for_active_device_certificates_check: nil, iot_policy_overly_permissive_check: nil, io_t_policy_potential_mis_configuration_check: nil, iot_role_alias_allows_access_to_unused_services_check: nil, iot_role_alias_overly_permissive_check: nil, logging_disabled_check: nil, revoked_ca_certificate_still_active_check: nil, revoked_device_certificate_still_active_check: nil, unauthenticated_cognito_role_overly_permissive_check: nil) @authenticated_cognito_role_overly_permissive_check = authenticated_cognito_role_overly_permissive_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**authenticated_cognito_role_overly_permissive_check.transform_keys(&:to_sym)) : authenticated_cognito_role_overly_permissive_check Jsii::Type.check_type(@authenticated_cognito_role_overly_permissive_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "authenticatedCognitoRoleOverlyPermissiveCheck") unless @authenticated_cognito_role_overly_permissive_check.nil? @ca_certificate_expiring_check = ca_certificate_expiring_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**ca_certificate_expiring_check.transform_keys(&:to_sym)) : ca_certificate_expiring_check Jsii::Type.check_type(@ca_certificate_expiring_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "caCertificateExpiringCheck") unless @ca_certificate_expiring_check.nil? @ca_certificate_key_quality_check = ca_certificate_key_quality_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**ca_certificate_key_quality_check.transform_keys(&:to_sym)) : ca_certificate_key_quality_check Jsii::Type.check_type(@ca_certificate_key_quality_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "caCertificateKeyQualityCheck") unless @ca_certificate_key_quality_check.nil? @conflicting_client_ids_check = conflicting_client_ids_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**conflicting_client_ids_check.transform_keys(&:to_sym)) : conflicting_client_ids_check Jsii::Type.check_type(@conflicting_client_ids_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "conflictingClientIdsCheck") unless @conflicting_client_ids_check.nil? @device_certificate_age_check = device_certificate_age_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::DeviceCertAgeAuditCheckConfigurationProperty.new(**device_certificate_age_check.transform_keys(&:to_sym)) : device_certificate_age_check Jsii::Type.check_type(@device_certificate_age_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5EZXZpY2VDZXJ0QWdlQXVkaXRDaGVja0NvbmZpZ3VyYXRpb25Qcm9wZXJ0eSJ9XX19")), "deviceCertificateAgeCheck") unless @device_certificate_age_check.nil? @device_certificate_expiring_check = device_certificate_expiring_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**device_certificate_expiring_check.transform_keys(&:to_sym)) : device_certificate_expiring_check Jsii::Type.check_type(@device_certificate_expiring_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "deviceCertificateExpiringCheck") unless @device_certificate_expiring_check.nil? @device_certificate_key_quality_check = device_certificate_key_quality_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**device_certificate_key_quality_check.transform_keys(&:to_sym)) : device_certificate_key_quality_check Jsii::Type.check_type(@device_certificate_key_quality_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "deviceCertificateKeyQualityCheck") unless @device_certificate_key_quality_check.nil? @device_certificate_shared_check = device_certificate_shared_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**device_certificate_shared_check.transform_keys(&:to_sym)) : device_certificate_shared_check Jsii::Type.check_type(@device_certificate_shared_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "deviceCertificateSharedCheck") unless @device_certificate_shared_check.nil? @intermediate_ca_revoked_for_active_device_certificates_check = intermediate_ca_revoked_for_active_device_certificates_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**intermediate_ca_revoked_for_active_device_certificates_check.transform_keys(&:to_sym)) : intermediate_ca_revoked_for_active_device_certificates_check Jsii::Type.check_type(@intermediate_ca_revoked_for_active_device_certificates_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "intermediateCaRevokedForActiveDeviceCertificatesCheck") unless @intermediate_ca_revoked_for_active_device_certificates_check.nil? @iot_policy_overly_permissive_check = iot_policy_overly_permissive_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**iot_policy_overly_permissive_check.transform_keys(&:to_sym)) : iot_policy_overly_permissive_check Jsii::Type.check_type(@iot_policy_overly_permissive_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "iotPolicyOverlyPermissiveCheck") unless @iot_policy_overly_permissive_check.nil? @io_t_policy_potential_mis_configuration_check = io_t_policy_potential_mis_configuration_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**io_t_policy_potential_mis_configuration_check.transform_keys(&:to_sym)) : io_t_policy_potential_mis_configuration_check Jsii::Type.check_type(@io_t_policy_potential_mis_configuration_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "ioTPolicyPotentialMisConfigurationCheck") unless @io_t_policy_potential_mis_configuration_check.nil? @iot_role_alias_allows_access_to_unused_services_check = iot_role_alias_allows_access_to_unused_services_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**iot_role_alias_allows_access_to_unused_services_check.transform_keys(&:to_sym)) : iot_role_alias_allows_access_to_unused_services_check Jsii::Type.check_type(@iot_role_alias_allows_access_to_unused_services_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "iotRoleAliasAllowsAccessToUnusedServicesCheck") unless @iot_role_alias_allows_access_to_unused_services_check.nil? @iot_role_alias_overly_permissive_check = iot_role_alias_overly_permissive_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**iot_role_alias_overly_permissive_check.transform_keys(&:to_sym)) : iot_role_alias_overly_permissive_check Jsii::Type.check_type(@iot_role_alias_overly_permissive_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "iotRoleAliasOverlyPermissiveCheck") unless @iot_role_alias_overly_permissive_check.nil? @logging_disabled_check = logging_disabled_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**logging_disabled_check.transform_keys(&:to_sym)) : logging_disabled_check Jsii::Type.check_type(@logging_disabled_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "loggingDisabledCheck") unless @logging_disabled_check.nil? @revoked_ca_certificate_still_active_check = revoked_ca_certificate_still_active_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**revoked_ca_certificate_still_active_check.transform_keys(&:to_sym)) : revoked_ca_certificate_still_active_check Jsii::Type.check_type(@revoked_ca_certificate_still_active_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "revokedCaCertificateStillActiveCheck") unless @revoked_ca_certificate_still_active_check.nil? @revoked_device_certificate_still_active_check = revoked_device_certificate_still_active_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**revoked_device_certificate_still_active_check.transform_keys(&:to_sym)) : revoked_device_certificate_still_active_check Jsii::Type.check_type(@revoked_device_certificate_still_active_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "revokedDeviceCertificateStillActiveCheck") unless @revoked_device_certificate_still_active_check.nil? @unauthenticated_cognito_role_overly_permissive_check = unauthenticated_cognito_role_overly_permissive_check.is_a?(Hash) ? ::AWSCDK::IoT::CfnAccountAuditConfiguration::AuditCheckConfigurationProperty.new(**unauthenticated_cognito_role_overly_permissive_check.transform_keys(&:to_sym)) : unauthenticated_cognito_role_overly_permissive_check Jsii::Type.check_type(@unauthenticated_cognito_role_overly_permissive_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pb3QuQ2ZuQWNjb3VudEF1ZGl0Q29uZmlndXJhdGlvbi5BdWRpdENoZWNrQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "unauthenticatedCognitoRoleOverlyPermissiveCheck") unless @unauthenticated_cognito_role_overly_permissive_check.nil? end |
Instance Attribute Details
#authenticated_cognito_role_overly_permissive_check ⇒ AWSCDK::IResolvable, ... (readonly)
Checks the permissiveness of an authenticated Amazon Cognito identity pool role.
For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.
627 628 629 |
# File 'io_t/cfn_account_audit_configuration.rb', line 627 def authenticated_cognito_role_overly_permissive_check @authenticated_cognito_role_overly_permissive_check end |
#ca_certificate_expiring_check ⇒ AWSCDK::IResolvable, ... (readonly)
Checks if a CA certificate is expiring.
This check applies to CA certificates expiring within 30 days or that have expired.
634 635 636 |
# File 'io_t/cfn_account_audit_configuration.rb', line 634 def ca_certificate_expiring_check @ca_certificate_expiring_check end |
#ca_certificate_key_quality_check ⇒ AWSCDK::IResolvable, ... (readonly)
Checks the quality of the CA certificate key.
The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER .
641 642 643 |
# File 'io_t/cfn_account_audit_configuration.rb', line 641 def ca_certificate_key_quality_check @ca_certificate_key_quality_check end |
#conflicting_client_ids_check ⇒ AWSCDK::IResolvable, ... (readonly)
Checks if multiple devices connect using the same client ID.
646 647 648 |
# File 'io_t/cfn_account_audit_configuration.rb', line 646 def conflicting_client_ids_check @conflicting_client_ids_check end |
#device_certificate_age_check ⇒ AWSCDK::IResolvable, ... (readonly)
Checks when a device certificate has been active for a number of days greater than or equal to the number you specify.
651 652 653 |
# File 'io_t/cfn_account_audit_configuration.rb', line 651 def device_certificate_age_check @device_certificate_age_check end |
#device_certificate_expiring_check ⇒ AWSCDK::IResolvable, ... (readonly)
Checks if a device certificate is expiring.
By default, this check applies to device certificates expiring within 30 days or that have expired. You can modify this threshold by configuring the DeviceCertExpirationAuditCheckConfiguration.
658 659 660 |
# File 'io_t/cfn_account_audit_configuration.rb', line 658 def device_certificate_expiring_check @device_certificate_expiring_check end |
#device_certificate_key_quality_check ⇒ AWSCDK::IResolvable, ... (readonly)
Checks the quality of the device certificate key.
The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.
665 666 667 |
# File 'io_t/cfn_account_audit_configuration.rb', line 665 def device_certificate_key_quality_check @device_certificate_key_quality_check end |
#device_certificate_shared_check ⇒ AWSCDK::IResolvable, ... (readonly)
Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .
670 671 672 |
# File 'io_t/cfn_account_audit_configuration.rb', line 670 def device_certificate_shared_check @device_certificate_shared_check end |
#intermediate_ca_revoked_for_active_device_certificates_check ⇒ AWSCDK::IResolvable, ... (readonly)
Checks if device certificates are still active despite being revoked by an intermediate CA.
675 676 677 |
# File 'io_t/cfn_account_audit_configuration.rb', line 675 def intermediate_ca_revoked_for_active_device_certificates_check @intermediate_ca_revoked_for_active_device_certificates_check end |
#io_t_policy_potential_mis_configuration_check ⇒ AWSCDK::IResolvable, ... (readonly)
Checks if an AWS IoT policy is potentially misconfigured.
Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.
687 688 689 |
# File 'io_t/cfn_account_audit_configuration.rb', line 687 def io_t_policy_potential_mis_configuration_check @io_t_policy_potential_mis_configuration_check end |
#iot_policy_overly_permissive_check ⇒ AWSCDK::IResolvable, ... (readonly)
Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
680 681 682 |
# File 'io_t/cfn_account_audit_configuration.rb', line 680 def iot_policy_overly_permissive_check @iot_policy_overly_permissive_check end |
#iot_role_alias_allows_access_to_unused_services_check ⇒ AWSCDK::IResolvable, ... (readonly)
Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
692 693 694 |
# File 'io_t/cfn_account_audit_configuration.rb', line 692 def iot_role_alias_allows_access_to_unused_services_check @iot_role_alias_allows_access_to_unused_services_check end |
#iot_role_alias_overly_permissive_check ⇒ AWSCDK::IResolvable, ... (readonly)
Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
697 698 699 |
# File 'io_t/cfn_account_audit_configuration.rb', line 697 def iot_role_alias_overly_permissive_check @iot_role_alias_overly_permissive_check end |
#logging_disabled_check ⇒ AWSCDK::IResolvable, ... (readonly)
Checks if AWS IoT logs are disabled.
702 703 704 |
# File 'io_t/cfn_account_audit_configuration.rb', line 702 def logging_disabled_check @logging_disabled_check end |
#revoked_ca_certificate_still_active_check ⇒ AWSCDK::IResolvable, ... (readonly)
Checks if a revoked CA certificate is still active.
707 708 709 |
# File 'io_t/cfn_account_audit_configuration.rb', line 707 def revoked_ca_certificate_still_active_check @revoked_ca_certificate_still_active_check end |
#revoked_device_certificate_still_active_check ⇒ AWSCDK::IResolvable, ... (readonly)
Checks if a revoked device certificate is still active.
712 713 714 |
# File 'io_t/cfn_account_audit_configuration.rb', line 712 def revoked_device_certificate_still_active_check @revoked_device_certificate_still_active_check end |
#unauthenticated_cognito_role_overly_permissive_check ⇒ AWSCDK::IResolvable, ... (readonly)
Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.
717 718 719 |
# File 'io_t/cfn_account_audit_configuration.rb', line 717 def unauthenticated_cognito_role_overly_permissive_check @unauthenticated_cognito_role_overly_permissive_check end |
Class Method Details
.jsii_properties ⇒ Object
719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 |
# File 'io_t/cfn_account_audit_configuration.rb', line 719 def self.jsii_properties { :authenticated_cognito_role_overly_permissive_check => "authenticatedCognitoRoleOverlyPermissiveCheck", :ca_certificate_expiring_check => "caCertificateExpiringCheck", :ca_certificate_key_quality_check => "caCertificateKeyQualityCheck", :conflicting_client_ids_check => "conflictingClientIdsCheck", :device_certificate_age_check => "deviceCertificateAgeCheck", :device_certificate_expiring_check => "deviceCertificateExpiringCheck", :device_certificate_key_quality_check => "deviceCertificateKeyQualityCheck", :device_certificate_shared_check => "deviceCertificateSharedCheck", :intermediate_ca_revoked_for_active_device_certificates_check => "intermediateCaRevokedForActiveDeviceCertificatesCheck", :iot_policy_overly_permissive_check => "iotPolicyOverlyPermissiveCheck", :io_t_policy_potential_mis_configuration_check => "ioTPolicyPotentialMisConfigurationCheck", :iot_role_alias_allows_access_to_unused_services_check => "iotRoleAliasAllowsAccessToUnusedServicesCheck", :iot_role_alias_overly_permissive_check => "iotRoleAliasOverlyPermissiveCheck", :logging_disabled_check => "loggingDisabledCheck", :revoked_ca_certificate_still_active_check => "revokedCaCertificateStillActiveCheck", :revoked_device_certificate_still_active_check => "revokedDeviceCertificateStillActiveCheck", :unauthenticated_cognito_role_overly_permissive_check => "unauthenticatedCognitoRoleOverlyPermissiveCheck", } end |
Instance Method Details
#to_jsii ⇒ Object
741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 |
# File 'io_t/cfn_account_audit_configuration.rb', line 741 def to_jsii result = {} result.merge!({ "authenticatedCognitoRoleOverlyPermissiveCheck" => @authenticated_cognito_role_overly_permissive_check, "caCertificateExpiringCheck" => @ca_certificate_expiring_check, "caCertificateKeyQualityCheck" => @ca_certificate_key_quality_check, "conflictingClientIdsCheck" => @conflicting_client_ids_check, "deviceCertificateAgeCheck" => @device_certificate_age_check, "deviceCertificateExpiringCheck" => @device_certificate_expiring_check, "deviceCertificateKeyQualityCheck" => @device_certificate_key_quality_check, "deviceCertificateSharedCheck" => @device_certificate_shared_check, "intermediateCaRevokedForActiveDeviceCertificatesCheck" => @intermediate_ca_revoked_for_active_device_certificates_check, "iotPolicyOverlyPermissiveCheck" => @iot_policy_overly_permissive_check, "ioTPolicyPotentialMisConfigurationCheck" => @io_t_policy_potential_mis_configuration_check, "iotRoleAliasAllowsAccessToUnusedServicesCheck" => @iot_role_alias_allows_access_to_unused_services_check, "iotRoleAliasOverlyPermissiveCheck" => @iot_role_alias_overly_permissive_check, "loggingDisabledCheck" => @logging_disabled_check, "revokedCaCertificateStillActiveCheck" => @revoked_ca_certificate_still_active_check, "revokedDeviceCertificateStillActiveCheck" => @revoked_device_certificate_still_active_check, "unauthenticatedCognitoRoleOverlyPermissiveCheck" => @unauthenticated_cognito_role_overly_permissive_check, }) result.compact end |