pulumi-aws-native-kotlin/com.pulumi.awsnative.iot.kotlin.outputs/AccountAuditConfigurationAuditCheckConfigurations

AccountAuditConfigurationAuditCheckConfigurations

data class AccountAuditConfigurationAuditCheckConfigurations(val authenticatedCognitoRoleOverlyPermissiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, val caCertificateExpiringCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, val caCertificateKeyQualityCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, val conflictingClientIdsCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, val deviceCertificateExpiringCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, val deviceCertificateKeyQualityCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, val deviceCertificateSharedCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, val intermediateCaRevokedForActiveDeviceCertificatesCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, val ioTPolicyPotentialMisConfigurationCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, val iotPolicyOverlyPermissiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, val iotRoleAliasAllowsAccessToUnusedServicesCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, val iotRoleAliasOverlyPermissiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, val loggingDisabledCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, val revokedCaCertificateStillActiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, val revokedDeviceCertificateStillActiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, val unauthenticatedCognitoRoleOverlyPermissiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null)

Specifies which audit checks are enabled and disabled for this account.

Constructors

constructor(authenticatedCognitoRoleOverlyPermissiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, caCertificateExpiringCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, caCertificateKeyQualityCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, conflictingClientIdsCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, deviceCertificateExpiringCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, deviceCertificateKeyQualityCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, deviceCertificateSharedCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, intermediateCaRevokedForActiveDeviceCertificatesCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, ioTPolicyPotentialMisConfigurationCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, iotPolicyOverlyPermissiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, iotRoleAliasAllowsAccessToUnusedServicesCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, iotRoleAliasOverlyPermissiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, loggingDisabledCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, revokedCaCertificateStillActiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, revokedDeviceCertificateStillActiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null, unauthenticatedCognitoRoleOverlyPermissiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null)

Types

Link copied to clipboard
object Companion

Properties

val authenticatedCognitoRoleOverlyPermissiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null

Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.

Link copied to clipboard
val caCertificateExpiringCheck: AccountAuditConfigurationAuditCheckConfiguration? = null

Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired.

Link copied to clipboard
val caCertificateKeyQualityCheck: AccountAuditConfigurationAuditCheckConfiguration? = null

Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER .

Link copied to clipboard
val conflictingClientIdsCheck: AccountAuditConfigurationAuditCheckConfiguration? = null

Checks if multiple devices connect using the same client ID.

Link copied to clipboard
val deviceCertificateExpiringCheck: AccountAuditConfigurationAuditCheckConfiguration? = null

Checks if a device certificate is expiring. This check applies to device certificates expiring within 30 days or that have expired.

Link copied to clipboard
val deviceCertificateKeyQualityCheck: AccountAuditConfigurationAuditCheckConfiguration? = null

Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.

Link copied to clipboard
val deviceCertificateSharedCheck: AccountAuditConfigurationAuditCheckConfiguration? = null

Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .

val intermediateCaRevokedForActiveDeviceCertificatesCheck: AccountAuditConfigurationAuditCheckConfiguration? = null

Checks if device certificates are still active despite being revoked by an intermediate CA.

Link copied to clipboard
val iotPolicyOverlyPermissiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null

Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.

Link copied to clipboard
val ioTPolicyPotentialMisConfigurationCheck: AccountAuditConfigurationAuditCheckConfiguration? = null

Checks if an AWS IoT policy is potentially misconfigured. Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.

val iotRoleAliasAllowsAccessToUnusedServicesCheck: AccountAuditConfigurationAuditCheckConfiguration? = null

Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.

Link copied to clipboard
val iotRoleAliasOverlyPermissiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null

Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.

Link copied to clipboard
val loggingDisabledCheck: AccountAuditConfigurationAuditCheckConfiguration? = null

Checks if AWS IoT logs are disabled.

Link copied to clipboard
val revokedCaCertificateStillActiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null

Checks if a revoked CA certificate is still active.

Link copied to clipboard
val revokedDeviceCertificateStillActiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null

Checks if a revoked device certificate is still active.

val unauthenticatedCognitoRoleOverlyPermissiveCheck: AccountAuditConfigurationAuditCheckConfiguration? = null

Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.