awscc.iot_accountauditconfiguration¶
Filters¶
event
reduce
value
Actions¶
delete¶
Parent base class for filters and actions.
properties:
type:
enum:
- delete
required:
- type
Permissions - iot:DescribeAccountAuditConfiguration, iot:DeleteAccountAuditConfiguration
update¶
Parent base class for filters and actions.
definitions:
AuditCheckConfiguration:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
AuditCheckConfigurations:
additionalProperties: false
description: Specifies which audit checks are enabled and disabled for this account.
properties:
AuthenticatedCognitoRoleOverlyPermissiveCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
CaCertificateExpiringCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
CaCertificateKeyQualityCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
ConflictingClientIdsCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
DeviceCertificateExpiringCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
DeviceCertificateKeyQualityCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
DeviceCertificateSharedCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
IotPolicyOverlyPermissiveCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
IotRoleAliasAllowsAccessToUnusedServicesCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
IotRoleAliasOverlyPermissiveCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
LoggingDisabledCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
RevokedCaCertificateStillActiveCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
RevokedDeviceCertificateStillActiveCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
UnauthenticatedCognitoRoleOverlyPermissiveCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
type: object
AuditNotificationTarget:
additionalProperties: false
properties:
Enabled:
description: True if notifications to the target are enabled.
type: boolean
RoleArn:
description: The ARN of the role that grants permission to send notifications
to the target.
maxLength: 2048
minLength: 20
type: string
TargetArn:
description: The ARN of the target (SNS topic) to which audit notifications
are sent.
maxLength: 2048
type: string
type: object
AuditNotificationTargetConfigurations:
additionalProperties: false
description: Information about the targets to which audit notifications are sent.
properties:
Sns:
additionalProperties: false
properties:
Enabled:
description: True if notifications to the target are enabled.
type: boolean
RoleArn:
description: The ARN of the role that grants permission to send notifications
to the target.
maxLength: 2048
minLength: 20
type: string
TargetArn:
description: The ARN of the target (SNS topic) to which audit notifications
are sent.
maxLength: 2048
type: string
type: object
type: object
properties:
AuditCheckConfigurations:
additionalProperties: false
description: Specifies which audit checks are enabled and disabled for this account.
properties:
AuthenticatedCognitoRoleOverlyPermissiveCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
CaCertificateExpiringCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
CaCertificateKeyQualityCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
ConflictingClientIdsCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
DeviceCertificateExpiringCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
DeviceCertificateKeyQualityCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
DeviceCertificateSharedCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
IotPolicyOverlyPermissiveCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
IotRoleAliasAllowsAccessToUnusedServicesCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
IotRoleAliasOverlyPermissiveCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
LoggingDisabledCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
RevokedCaCertificateStillActiveCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
RevokedDeviceCertificateStillActiveCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
UnauthenticatedCognitoRoleOverlyPermissiveCheck:
additionalProperties: false
description: The configuration for a specific audit check.
properties:
Enabled:
description: True if the check is enabled.
type: boolean
type: object
type: object
AuditNotificationTargetConfigurations:
additionalProperties: false
description: Information about the targets to which audit notifications are sent.
properties:
Sns:
additionalProperties: false
properties:
Enabled:
description: True if notifications to the target are enabled.
type: boolean
RoleArn:
description: The ARN of the role that grants permission to send notifications
to the target.
maxLength: 2048
minLength: 20
type: string
TargetArn:
description: The ARN of the target (SNS topic) to which audit notifications
are sent.
maxLength: 2048
type: string
type: object
type: object
RoleArn:
description: The ARN of the role that grants permission to AWS IoT to access information
about your devices, policies, certificates and other items as required when
performing an audit.
maxLength: 2048
minLength: 20
type: string
type:
enum:
- update
Permissions - iot:UpdateAccountAuditConfiguration, iot:DescribeAccountAuditConfiguration, iam:PassRole