AWS Native v0.55.0, Mar 28 23
AWS Native v0.55.0, Mar 28 23
aws-native.iot.AccountAuditConfiguration
Configures the Device Defender audit settings for this account. Settings include how audit notifications are sent and which audit checks are enabled or disabled.
Example Usage
Example
using System.Collections.Generic;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
var myAccountAuditConfiguration = new AwsNative.IoT.AccountAuditConfiguration("myAccountAuditConfiguration", new()
{
AccountId = "${AWS::AccountId}",
AuditCheckConfigurations = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationsArgs
{
AuthenticatedCognitoRoleOverlyPermissiveCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
{
Enabled = true,
},
CaCertificateExpiringCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
{
Enabled = true,
},
CaCertificateKeyQualityCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
{
Enabled = true,
},
ConflictingClientIdsCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
{
Enabled = true,
},
DeviceCertificateExpiringCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
{
Enabled = true,
},
DeviceCertificateKeyQualityCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
{
Enabled = true,
},
DeviceCertificateSharedCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
{
Enabled = true,
},
IotPolicyOverlyPermissiveCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
{
Enabled = true,
},
IotRoleAliasAllowsAccessToUnusedServicesCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
{
Enabled = true,
},
IotRoleAliasOverlyPermissiveCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
{
Enabled = true,
},
LoggingDisabledCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
{
Enabled = true,
},
RevokedCaCertificateStillActiveCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
{
Enabled = true,
},
RevokedDeviceCertificateStillActiveCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
{
Enabled = true,
},
UnauthenticatedCognitoRoleOverlyPermissiveCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
{
Enabled = true,
},
},
AuditNotificationTargetConfigurations = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditNotificationTargetConfigurationsArgs
{
Sns = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditNotificationTargetArgs
{
TargetArn = "arn:aws:sns:us-east-1:123456789012:AuditNotifications",
RoleArn = "arn:aws:iam::123456789012:role/RoleForIoTAuditNotifications",
Enabled = true,
},
},
RoleArn = "arn:aws:iam::123456789012:role/service-role/AWSIoTDeviceDefenderAudit",
});
});
Coming soon!
Coming soon!
import pulumi
import pulumi_aws_native as aws_native
my_account_audit_configuration = aws_native.iot.AccountAuditConfiguration("myAccountAuditConfiguration",
account_id="${AWS::AccountId}",
audit_check_configurations=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationsArgs(
authenticated_cognito_role_overly_permissive_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
enabled=True,
),
ca_certificate_expiring_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
enabled=True,
),
ca_certificate_key_quality_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
enabled=True,
),
conflicting_client_ids_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
enabled=True,
),
device_certificate_expiring_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
enabled=True,
),
device_certificate_key_quality_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
enabled=True,
),
device_certificate_shared_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
enabled=True,
),
iot_policy_overly_permissive_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
enabled=True,
),
iot_role_alias_allows_access_to_unused_services_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
enabled=True,
),
iot_role_alias_overly_permissive_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
enabled=True,
),
logging_disabled_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
enabled=True,
),
revoked_ca_certificate_still_active_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
enabled=True,
),
revoked_device_certificate_still_active_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
enabled=True,
),
unauthenticated_cognito_role_overly_permissive_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
enabled=True,
),
),
audit_notification_target_configurations=aws_native.iot.AccountAuditConfigurationAuditNotificationTargetConfigurationsArgs(
sns=aws_native.iot.AccountAuditConfigurationAuditNotificationTargetArgs(
target_arn="arn:aws:sns:us-east-1:123456789012:AuditNotifications",
role_arn="arn:aws:iam::123456789012:role/RoleForIoTAuditNotifications",
enabled=True,
),
),
role_arn="arn:aws:iam::123456789012:role/service-role/AWSIoTDeviceDefenderAudit")
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const myAccountAuditConfiguration = new aws_native.iot.AccountAuditConfiguration("myAccountAuditConfiguration", {
accountId: `${AWS::AccountId}`,
auditCheckConfigurations: {
authenticatedCognitoRoleOverlyPermissiveCheck: {
enabled: true,
},
caCertificateExpiringCheck: {
enabled: true,
},
caCertificateKeyQualityCheck: {
enabled: true,
},
conflictingClientIdsCheck: {
enabled: true,
},
deviceCertificateExpiringCheck: {
enabled: true,
},
deviceCertificateKeyQualityCheck: {
enabled: true,
},
deviceCertificateSharedCheck: {
enabled: true,
},
iotPolicyOverlyPermissiveCheck: {
enabled: true,
},
iotRoleAliasAllowsAccessToUnusedServicesCheck: {
enabled: true,
},
iotRoleAliasOverlyPermissiveCheck: {
enabled: true,
},
loggingDisabledCheck: {
enabled: true,
},
revokedCaCertificateStillActiveCheck: {
enabled: true,
},
revokedDeviceCertificateStillActiveCheck: {
enabled: true,
},
unauthenticatedCognitoRoleOverlyPermissiveCheck: {
enabled: true,
},
},
auditNotificationTargetConfigurations: {
sns: {
targetArn: "arn:aws:sns:us-east-1:123456789012:AuditNotifications",
roleArn: "arn:aws:iam::123456789012:role/RoleForIoTAuditNotifications",
enabled: true,
},
},
roleArn: "arn:aws:iam::123456789012:role/service-role/AWSIoTDeviceDefenderAudit",
});
Coming soon!
Create AccountAuditConfiguration Resource
new AccountAuditConfiguration(name: string, args: AccountAuditConfigurationArgs, opts?: CustomResourceOptions);@overload
def AccountAuditConfiguration(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
audit_check_configurations: Optional[AccountAuditConfigurationAuditCheckConfigurationsArgs] = None,
audit_notification_target_configurations: Optional[AccountAuditConfigurationAuditNotificationTargetConfigurationsArgs] = None,
role_arn: Optional[str] = None)
@overload
def AccountAuditConfiguration(resource_name: str,
args: AccountAuditConfigurationArgs,
opts: Optional[ResourceOptions] = None)func NewAccountAuditConfiguration(ctx *Context, name string, args AccountAuditConfigurationArgs, opts ...ResourceOption) (*AccountAuditConfiguration, error)public AccountAuditConfiguration(string name, AccountAuditConfigurationArgs args, CustomResourceOptions? opts = null)
public AccountAuditConfiguration(String name, AccountAuditConfigurationArgs args)
public AccountAuditConfiguration(String name, AccountAuditConfigurationArgs args, CustomResourceOptions options)
type: aws-native:iot:AccountAuditConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccountAuditConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccountAuditConfigurationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccountAuditConfigurationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccountAuditConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccountAuditConfigurationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AccountAuditConfiguration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AccountAuditConfiguration resource accepts the following input properties:
- Account
Id string Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
- Audit
Check Pulumi.Configurations Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configurations Args - Role
Arn string The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
- Audit
Notification Pulumi.Target Configurations Aws Native. Io T. Inputs. Account Audit Configuration Audit Notification Target Configurations Args
- Account
Id string Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
- Audit
Check AccountConfigurations Audit Configuration Audit Check Configurations Args - Role
Arn string The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
- Audit
Notification AccountTarget Configurations Audit Configuration Audit Notification Target Configurations Args
- account
Id String Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
- audit
Check AccountConfigurations Audit Configuration Audit Check Configurations Args - role
Arn String The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
- audit
Notification AccountTarget Configurations Audit Configuration Audit Notification Target Configurations Args
- account
Id string Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
- audit
Check AccountConfigurations Audit Configuration Audit Check Configurations Args - role
Arn string The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
- audit
Notification AccountTarget Configurations Audit Configuration Audit Notification Target Configurations Args
- account_
id str Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
- audit_
check_ Accountconfigurations Audit Configuration Audit Check Configurations Args - role_
arn str The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
- audit_
notification_ Accounttarget_ configurations Audit Configuration Audit Notification Target Configurations Args
- account
Id String Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
- audit
Check Property MapConfigurations - role
Arn String The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
- audit
Notification Property MapTarget Configurations
Outputs
All input properties are implicitly available as output properties. Additionally, the AccountAuditConfiguration resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Supporting Types
AccountAuditConfigurationAuditCheckConfiguration
- Enabled bool
True if the check is enabled.
- Enabled bool
True if the check is enabled.
- enabled Boolean
True if the check is enabled.
- enabled boolean
True if the check is enabled.
- enabled bool
True if the check is enabled.
- enabled Boolean
True if the check is enabled.
AccountAuditConfigurationAuditCheckConfigurations
- Authenticated
Cognito Pulumi.Role Overly Permissive Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Ca
Certificate Pulumi.Expiring Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Ca
Certificate Pulumi.Key Quality Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Conflicting
Client Pulumi.Ids Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Device
Certificate Pulumi.Expiring Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Device
Certificate Pulumi.Key Quality Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration -
Pulumi.
Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Intermediate
Ca Pulumi.Revoked For Active Device Certificates Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Io
TPolicy Pulumi.Potential Mis Configuration Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Iot
Policy Pulumi.Overly Permissive Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Iot
Role Pulumi.Alias Allows Access To Unused Services Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Iot
Role Pulumi.Alias Overly Permissive Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Logging
Disabled Pulumi.Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Revoked
Ca Pulumi.Certificate Still Active Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Revoked
Device Pulumi.Certificate Still Active Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Unauthenticated
Cognito Pulumi.Role Overly Permissive Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration
- Authenticated
Cognito AccountRole Overly Permissive Check Audit Configuration Audit Check Configuration - Ca
Certificate AccountExpiring Check Audit Configuration Audit Check Configuration - Ca
Certificate AccountKey Quality Check Audit Configuration Audit Check Configuration - Conflicting
Client AccountIds Check Audit Configuration Audit Check Configuration - Device
Certificate AccountExpiring Check Audit Configuration Audit Check Configuration - Device
Certificate AccountKey Quality Check Audit Configuration Audit Check Configuration -
Account
Audit Configuration Audit Check Configuration - Intermediate
Ca AccountRevoked For Active Device Certificates Check Audit Configuration Audit Check Configuration - Io
TPolicy AccountPotential Mis Configuration Check Audit Configuration Audit Check Configuration - Iot
Policy AccountOverly Permissive Check Audit Configuration Audit Check Configuration - Iot
Role AccountAlias Allows Access To Unused Services Check Audit Configuration Audit Check Configuration - Iot
Role AccountAlias Overly Permissive Check Audit Configuration Audit Check Configuration - Logging
Disabled AccountCheck Audit Configuration Audit Check Configuration - Revoked
Ca AccountCertificate Still Active Check Audit Configuration Audit Check Configuration - Revoked
Device AccountCertificate Still Active Check Audit Configuration Audit Check Configuration - Unauthenticated
Cognito AccountRole Overly Permissive Check Audit Configuration Audit Check Configuration
- authenticated
Cognito AccountRole Overly Permissive Check Audit Configuration Audit Check Configuration - ca
Certificate AccountExpiring Check Audit Configuration Audit Check Configuration - ca
Certificate AccountKey Quality Check Audit Configuration Audit Check Configuration - conflicting
Client AccountIds Check Audit Configuration Audit Check Configuration - device
Certificate AccountExpiring Check Audit Configuration Audit Check Configuration - device
Certificate AccountKey Quality Check Audit Configuration Audit Check Configuration -
Account
Audit Configuration Audit Check Configuration - intermediate
Ca AccountRevoked For Active Device Certificates Check Audit Configuration Audit Check Configuration - io
TPolicy AccountPotential Mis Configuration Check Audit Configuration Audit Check Configuration - iot
Policy AccountOverly Permissive Check Audit Configuration Audit Check Configuration - iot
Role AccountAlias Allows Access To Unused Services Check Audit Configuration Audit Check Configuration - iot
Role AccountAlias Overly Permissive Check Audit Configuration Audit Check Configuration - logging
Disabled AccountCheck Audit Configuration Audit Check Configuration - revoked
Ca AccountCertificate Still Active Check Audit Configuration Audit Check Configuration - revoked
Device AccountCertificate Still Active Check Audit Configuration Audit Check Configuration - unauthenticated
Cognito AccountRole Overly Permissive Check Audit Configuration Audit Check Configuration
- authenticated
Cognito AccountRole Overly Permissive Check Audit Configuration Audit Check Configuration - ca
Certificate AccountExpiring Check Audit Configuration Audit Check Configuration - ca
Certificate AccountKey Quality Check Audit Configuration Audit Check Configuration - conflicting
Client AccountIds Check Audit Configuration Audit Check Configuration - device
Certificate AccountExpiring Check Audit Configuration Audit Check Configuration - device
Certificate AccountKey Quality Check Audit Configuration Audit Check Configuration -
Account
Audit Configuration Audit Check Configuration - intermediate
Ca AccountRevoked For Active Device Certificates Check Audit Configuration Audit Check Configuration - io
TPolicy AccountPotential Mis Configuration Check Audit Configuration Audit Check Configuration - iot
Policy AccountOverly Permissive Check Audit Configuration Audit Check Configuration - iot
Role AccountAlias Allows Access To Unused Services Check Audit Configuration Audit Check Configuration - iot
Role AccountAlias Overly Permissive Check Audit Configuration Audit Check Configuration - logging
Disabled AccountCheck Audit Configuration Audit Check Configuration - revoked
Ca AccountCertificate Still Active Check Audit Configuration Audit Check Configuration - revoked
Device AccountCertificate Still Active Check Audit Configuration Audit Check Configuration - unauthenticated
Cognito AccountRole Overly Permissive Check Audit Configuration Audit Check Configuration
- authenticated_
cognito_ Accountrole_ overly_ permissive_ check Audit Configuration Audit Check Configuration - ca_
certificate_ Accountexpiring_ check Audit Configuration Audit Check Configuration - ca_
certificate_ Accountkey_ quality_ check Audit Configuration Audit Check Configuration - conflicting_
client_ Accountids_ check Audit Configuration Audit Check Configuration - device_
certificate_ Accountexpiring_ check Audit Configuration Audit Check Configuration - device_
certificate_ Accountkey_ quality_ check Audit Configuration Audit Check Configuration -
Account
Audit Configuration Audit Check Configuration - intermediate_
ca_ Accountrevoked_ for_ active_ device_ certificates_ check Audit Configuration Audit Check Configuration - io_
t_ Accountpolicy_ potential_ mis_ configuration_ check Audit Configuration Audit Check Configuration - iot_
policy_ Accountoverly_ permissive_ check Audit Configuration Audit Check Configuration - iot_
role_ Accountalias_ allows_ access_ to_ unused_ services_ check Audit Configuration Audit Check Configuration - iot_
role_ Accountalias_ overly_ permissive_ check Audit Configuration Audit Check Configuration - logging_
disabled_ Accountcheck Audit Configuration Audit Check Configuration - revoked_
ca_ Accountcertificate_ still_ active_ check Audit Configuration Audit Check Configuration - revoked_
device_ Accountcertificate_ still_ active_ check Audit Configuration Audit Check Configuration - unauthenticated_
cognito_ Accountrole_ overly_ permissive_ check Audit Configuration Audit Check Configuration
- authenticated
Cognito Property MapRole Overly Permissive Check - ca
Certificate Property MapExpiring Check - ca
Certificate Property MapKey Quality Check - conflicting
Client Property MapIds Check - device
Certificate Property MapExpiring Check - device
Certificate Property MapKey Quality Check - Property Map
- intermediate
Ca Property MapRevoked For Active Device Certificates Check - io
TPolicy Property MapPotential Mis Configuration Check - iot
Policy Property MapOverly Permissive Check - iot
Role Property MapAlias Allows Access To Unused Services Check - iot
Role Property MapAlias Overly Permissive Check - logging
Disabled Property MapCheck - revoked
Ca Property MapCertificate Still Active Check - revoked
Device Property MapCertificate Still Active Check - unauthenticated
Cognito Property MapRole Overly Permissive Check
AccountAuditConfigurationAuditNotificationTarget
- enabled bool
True if notifications to the target are enabled.
- role_
arn str The ARN of the role that grants permission to send notifications to the target.
- target_
arn str The ARN of the target (SNS topic) to which audit notifications are sent.
AccountAuditConfigurationAuditNotificationTargetConfigurations
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0