AWS Native v0.55.0, Mar 28 23

aws-native.iot.AccountAuditConfiguration

Configures the Device Defender audit settings for this account. Settings include how audit notifications are sent and which audit checks are enabled or disabled.

Example Usage

Example

using System.Collections.Generic;
using Pulumi;
using AwsNative = Pulumi.AwsNative;

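// Declares the account-level Device Defender audit configuration: which audit
// checks are enabled, where audit notifications are sent, and which role
// AWS IoT uses while performing an audit.
return await Deployment.RunAsync(() =>
{
    var myAccountAuditConfiguration = new AwsNative.IoT.AccountAuditConfiguration("myAccountAuditConfiguration", new()
    {
        // AccountId is documented as the 12-digit account ID. The previous value,
        // "${AWS::AccountId}", is a CloudFormation pseudo-parameter; in a C# string
        // literal it is passed through unchanged rather than substituted, so a
        // concrete ID is used instead. 123456789012 is the same sample account
        // that appears in the ARNs below - replace it with your own.
        AccountId = "123456789012",
        AuditCheckConfigurations = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationsArgs
        {
            // The AuditCheckConfigurations type also lists
            // IntermediateCaRevokedForActiveDeviceCertificatesCheck and
            // IoTPolicyPotentialMisConfigurationCheck; neither is set here.
            // NOTE(review): confirm how an unset check is treated before relying
            // on this example for full audit coverage.
            AuthenticatedCognitoRoleOverlyPermissiveCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
            {
                Enabled = true,
            },
            CaCertificateExpiringCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
            {
                Enabled = true,
            },
            CaCertificateKeyQualityCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
            {
                Enabled = true,
            },
            ConflictingClientIdsCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
            {
                Enabled = true,
            },
            DeviceCertificateExpiringCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
            {
                Enabled = true,
            },
            DeviceCertificateKeyQualityCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
            {
                Enabled = true,
            },
            DeviceCertificateSharedCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
            {
                Enabled = true,
            },
            IotPolicyOverlyPermissiveCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
            {
                Enabled = true,
            },
            IotRoleAliasAllowsAccessToUnusedServicesCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
            {
                Enabled = true,
            },
            IotRoleAliasOverlyPermissiveCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
            {
                Enabled = true,
            },
            LoggingDisabledCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
            {
                Enabled = true,
            },
            RevokedCaCertificateStillActiveCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
            {
                Enabled = true,
            },
            RevokedDeviceCertificateStillActiveCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
            {
                Enabled = true,
            },
            UnauthenticatedCognitoRoleOverlyPermissiveCheck = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationArgs
            {
                Enabled = true,
            },
        },
        AuditNotificationTargetConfigurations = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditNotificationTargetConfigurationsArgs
        {
            Sns = new AwsNative.IoT.Inputs.AccountAuditConfigurationAuditNotificationTargetArgs
            {
                // SNS topic that receives audit notifications.
                TargetArn = "arn:aws:sns:us-east-1:123456789012:AuditNotifications",
                // Role that grants permission to send notifications to the target.
                // NOTE(review): scope this role to publishing on the topic above only - confirm its policy.
                RoleArn = "arn:aws:iam::123456789012:role/RoleForIoTAuditNotifications",
                Enabled = true,
            },
        },
        // Role that lets AWS IoT read devices, policies, certificates and other
        // items while auditing. It is distinct from the notification role above.
        // NOTE(review): confirm the attached policy grants no more than the audit needs.
        RoleArn = "arn:aws:iam::123456789012:role/service-role/AWSIoTDeviceDefenderAudit",
    });

});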


import pulumi
import pulumi_aws_native as aws_native

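# Declares the account-level Device Defender audit configuration: which audit
# checks are enabled, where audit notifications are sent, and which role
# AWS IoT uses while performing an audit.
my_account_audit_configuration = aws_native.iot.AccountAuditConfiguration("myAccountAuditConfiguration",
    # account_id is documented as the 12-digit account ID. The previous value,
    # "${AWS::AccountId}", is a CloudFormation pseudo-parameter; in a plain
    # Python string it is passed through unchanged rather than substituted, so a
    # concrete ID is used instead. 123456789012 is the same sample account that
    # appears in the ARNs below - replace it with your own.
    account_id="123456789012",
    # The audit check configurations type also lists
    # intermediate_ca_revoked_for_active_device_certificates_check and
    # io_t_policy_potential_mis_configuration_check; neither is set here.
    # NOTE(review): confirm how an unset check is treated before relying on this
    # example for full audit coverage.
    audit_check_configurations=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationsArgs(
        authenticated_cognito_role_overly_permissive_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
            enabled=True,
        ),
        ca_certificate_expiring_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
            enabled=True,
        ),
        ca_certificate_key_quality_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
            enabled=True,
        ),
        conflicting_client_ids_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
            enabled=True,
        ),
        device_certificate_expiring_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
            enabled=True,
        ),
        device_certificate_key_quality_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
            enabled=True,
        ),
        device_certificate_shared_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
            enabled=True,
        ),
        iot_policy_overly_permissive_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
            enabled=True,
        ),
        iot_role_alias_allows_access_to_unused_services_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
            enabled=True,
        ),
        iot_role_alias_overly_permissive_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
            enabled=True,
        ),
        logging_disabled_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
            enabled=True,
        ),
        revoked_ca_certificate_still_active_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
            enabled=True,
        ),
        revoked_device_certificate_still_active_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
            enabled=True,
        ),
        unauthenticated_cognito_role_overly_permissive_check=aws_native.iot.AccountAuditConfigurationAuditCheckConfigurationArgs(
            enabled=True,
        ),
    ),
    audit_notification_target_configurations=aws_native.iot.AccountAuditConfigurationAuditNotificationTargetConfigurationsArgs(
        sns=aws_native.iot.AccountAuditConfigurationAuditNotificationTargetArgs(
            # SNS topic that receives audit notifications.
            target_arn="arn:aws:sns:us-east-1:123456789012:AuditNotifications",
            # Role that grants permission to send notifications to the target.
            # NOTE(review): scope this role to publishing on the topic above only - confirm its policy.
            role_arn="arn:aws:iam::123456789012:role/RoleForIoTAuditNotifications",
            enabled=True,
        ),
    ),
    # Role that lets AWS IoT read devices, policies, certificates and other items
    # while auditing. It is distinct from the notification role above.
    # NOTE(review): confirm the attached policy grants no more than the audit needs.
    role_arn="arn:aws:iam::123456789012:role/service-role/AWSIoTDeviceDefenderAudit")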
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";

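// Declares the account-level Device Defender audit configuration: which audit
// checks are enabled, where audit notifications are sent, and which role
// AWS IoT uses while performing an audit.
const myAccountAuditConfiguration = new aws_native.iot.AccountAuditConfiguration("myAccountAuditConfiguration", {
    // accountId is documented as the 12-digit account ID. The previous value was
    // the CloudFormation pseudo-parameter AWS::AccountId wrapped in a template
    // literal, which is not a valid TypeScript expression and would not be
    // substituted in any case. 123456789012 is the same sample account that
    // appears in the ARNs below - replace it with your own.
    accountId: "123456789012",
    // The audit check configurations type also lists
    // intermediateCaRevokedForActiveDeviceCertificatesCheck and
    // ioTPolicyPotentialMisConfigurationCheck; neither is set here.
    // NOTE(review): confirm how an unset check is treated before relying on this
    // example for full audit coverage.
    auditCheckConfigurations: {
        authenticatedCognitoRoleOverlyPermissiveCheck: {
            enabled: true,
        },
        caCertificateExpiringCheck: {
            enabled: true,
        },
        caCertificateKeyQualityCheck: {
            enabled: true,
        },
        conflictingClientIdsCheck: {
            enabled: true,
        },
        deviceCertificateExpiringCheck: {
            enabled: true,
        },
        deviceCertificateKeyQualityCheck: {
            enabled: true,
        },
        deviceCertificateSharedCheck: {
            enabled: true,
        },
        iotPolicyOverlyPermissiveCheck: {
            enabled: true,
        },
        iotRoleAliasAllowsAccessToUnusedServicesCheck: {
            enabled: true,
        },
        iotRoleAliasOverlyPermissiveCheck: {
            enabled: true,
        },
        loggingDisabledCheck: {
            enabled: true,
        },
        revokedCaCertificateStillActiveCheck: {
            enabled: true,
        },
        revokedDeviceCertificateStillActiveCheck: {
            enabled: true,
        },
        unauthenticatedCognitoRoleOverlyPermissiveCheck: {
            enabled: true,
        },
    },
    auditNotificationTargetConfigurations: {
        sns: {
            // SNS topic that receives audit notifications.
            targetArn: "arn:aws:sns:us-east-1:123456789012:AuditNotifications",
            // Role that grants permission to send notifications to the target.
            // NOTE(review): scope this role to publishing on the topic above only - confirm its policy.
            roleArn: "arn:aws:iam::123456789012:role/RoleForIoTAuditNotifications",
            enabled: true,
        },
    },
    // Role that lets AWS IoT read devices, policies, certificates and other items
    // while auditing. It is distinct from the notification role above.
    // NOTE(review): confirm the attached policy grants no more than the audit needs.
    roleArn: "arn:aws:iam::123456789012:role/service-role/AWSIoTDeviceDefenderAudit",
});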


Create AccountAuditConfiguration Resource

new AccountAuditConfiguration(name: string, args: AccountAuditConfigurationArgs, opts?: CustomResourceOptions);
@overload
def AccountAuditConfiguration(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              account_id: Optional[str] = None,
                              audit_check_configurations: Optional[AccountAuditConfigurationAuditCheckConfigurationsArgs] = None,
                              audit_notification_target_configurations: Optional[AccountAuditConfigurationAuditNotificationTargetConfigurationsArgs] = None,
                              role_arn: Optional[str] = None)
@overload
def AccountAuditConfiguration(resource_name: str,
                              args: AccountAuditConfigurationArgs,
                              opts: Optional[ResourceOptions] = None)
func NewAccountAuditConfiguration(ctx *Context, name string, args AccountAuditConfigurationArgs, opts ...ResourceOption) (*AccountAuditConfiguration, error)
public AccountAuditConfiguration(string name, AccountAuditConfigurationArgs args, CustomResourceOptions? opts = null)
public AccountAuditConfiguration(String name, AccountAuditConfigurationArgs args)
public AccountAuditConfiguration(String name, AccountAuditConfigurationArgs args, CustomResourceOptions options)
type: aws-native:iot:AccountAuditConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AccountAuditConfigurationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AccountAuditConfigurationArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AccountAuditConfigurationArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AccountAuditConfigurationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AccountAuditConfigurationArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AccountAuditConfiguration Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AccountAuditConfiguration resource accepts the following input properties:

AccountId string

Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).

AuditCheckConfigurations Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfigurationsArgs
RoleArn string

The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.

AuditNotificationTargetConfigurations Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditNotificationTargetConfigurationsArgs
AccountId string

Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).

AuditCheckConfigurations AccountAuditConfigurationAuditCheckConfigurationsArgs
RoleArn string

The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.

AuditNotificationTargetConfigurations AccountAuditConfigurationAuditNotificationTargetConfigurationsArgs
accountId String

Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).

auditCheckConfigurations AccountAuditConfigurationAuditCheckConfigurationsArgs
roleArn String

The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.

auditNotificationTargetConfigurations AccountAuditConfigurationAuditNotificationTargetConfigurationsArgs
accountId string

Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).

auditCheckConfigurations AccountAuditConfigurationAuditCheckConfigurationsArgs
roleArn string

The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.

auditNotificationTargetConfigurations AccountAuditConfigurationAuditNotificationTargetConfigurationsArgs
account_id str

Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).

audit_check_configurations AccountAuditConfigurationAuditCheckConfigurationsArgs
role_arn str

The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.

audit_notification_target_configurations AccountAuditConfigurationAuditNotificationTargetConfigurationsArgs
accountId String

Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).

auditCheckConfigurations Property Map
roleArn String

The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.

auditNotificationTargetConfigurations Property Map

Outputs

All input properties are implicitly available as output properties. Additionally, the AccountAuditConfiguration resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Supporting Types

AccountAuditConfigurationAuditCheckConfiguration

Enabled bool

True if the check is enabled.

Enabled bool

True if the check is enabled.

enabled Boolean

True if the check is enabled.

enabled boolean

True if the check is enabled.

enabled bool

True if the check is enabled.

enabled Boolean

True if the check is enabled.

AccountAuditConfigurationAuditCheckConfigurations

AuthenticatedCognitoRoleOverlyPermissiveCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
CaCertificateExpiringCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
CaCertificateKeyQualityCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
ConflictingClientIdsCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
DeviceCertificateExpiringCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
DeviceCertificateKeyQualityCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
DeviceCertificateSharedCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
IntermediateCaRevokedForActiveDeviceCertificatesCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
IoTPolicyPotentialMisConfigurationCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
IotPolicyOverlyPermissiveCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
IotRoleAliasAllowsAccessToUnusedServicesCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
IotRoleAliasOverlyPermissiveCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
LoggingDisabledCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
RevokedCaCertificateStillActiveCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
RevokedDeviceCertificateStillActiveCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
UnauthenticatedCognitoRoleOverlyPermissiveCheck Pulumi.AwsNative.IoT.Inputs.AccountAuditConfigurationAuditCheckConfiguration
AuthenticatedCognitoRoleOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
CaCertificateExpiringCheck AccountAuditConfigurationAuditCheckConfiguration
CaCertificateKeyQualityCheck AccountAuditConfigurationAuditCheckConfiguration
ConflictingClientIdsCheck AccountAuditConfigurationAuditCheckConfiguration
DeviceCertificateExpiringCheck AccountAuditConfigurationAuditCheckConfiguration
DeviceCertificateKeyQualityCheck AccountAuditConfigurationAuditCheckConfiguration
DeviceCertificateSharedCheck AccountAuditConfigurationAuditCheckConfiguration
IntermediateCaRevokedForActiveDeviceCertificatesCheck AccountAuditConfigurationAuditCheckConfiguration
IoTPolicyPotentialMisConfigurationCheck AccountAuditConfigurationAuditCheckConfiguration
IotPolicyOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
IotRoleAliasAllowsAccessToUnusedServicesCheck AccountAuditConfigurationAuditCheckConfiguration
IotRoleAliasOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
LoggingDisabledCheck AccountAuditConfigurationAuditCheckConfiguration
RevokedCaCertificateStillActiveCheck AccountAuditConfigurationAuditCheckConfiguration
RevokedDeviceCertificateStillActiveCheck AccountAuditConfigurationAuditCheckConfiguration
UnauthenticatedCognitoRoleOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
authenticatedCognitoRoleOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
caCertificateExpiringCheck AccountAuditConfigurationAuditCheckConfiguration
caCertificateKeyQualityCheck AccountAuditConfigurationAuditCheckConfiguration
conflictingClientIdsCheck AccountAuditConfigurationAuditCheckConfiguration
deviceCertificateExpiringCheck AccountAuditConfigurationAuditCheckConfiguration
deviceCertificateKeyQualityCheck AccountAuditConfigurationAuditCheckConfiguration
deviceCertificateSharedCheck AccountAuditConfigurationAuditCheckConfiguration
intermediateCaRevokedForActiveDeviceCertificatesCheck AccountAuditConfigurationAuditCheckConfiguration
ioTPolicyPotentialMisConfigurationCheck AccountAuditConfigurationAuditCheckConfiguration
iotPolicyOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
iotRoleAliasAllowsAccessToUnusedServicesCheck AccountAuditConfigurationAuditCheckConfiguration
iotRoleAliasOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
loggingDisabledCheck AccountAuditConfigurationAuditCheckConfiguration
revokedCaCertificateStillActiveCheck AccountAuditConfigurationAuditCheckConfiguration
revokedDeviceCertificateStillActiveCheck AccountAuditConfigurationAuditCheckConfiguration
unauthenticatedCognitoRoleOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
authenticatedCognitoRoleOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
caCertificateExpiringCheck AccountAuditConfigurationAuditCheckConfiguration
caCertificateKeyQualityCheck AccountAuditConfigurationAuditCheckConfiguration
conflictingClientIdsCheck AccountAuditConfigurationAuditCheckConfiguration
deviceCertificateExpiringCheck AccountAuditConfigurationAuditCheckConfiguration
deviceCertificateKeyQualityCheck AccountAuditConfigurationAuditCheckConfiguration
deviceCertificateSharedCheck AccountAuditConfigurationAuditCheckConfiguration
intermediateCaRevokedForActiveDeviceCertificatesCheck AccountAuditConfigurationAuditCheckConfiguration
ioTPolicyPotentialMisConfigurationCheck AccountAuditConfigurationAuditCheckConfiguration
iotPolicyOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
iotRoleAliasAllowsAccessToUnusedServicesCheck AccountAuditConfigurationAuditCheckConfiguration
iotRoleAliasOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
loggingDisabledCheck AccountAuditConfigurationAuditCheckConfiguration
revokedCaCertificateStillActiveCheck AccountAuditConfigurationAuditCheckConfiguration
revokedDeviceCertificateStillActiveCheck AccountAuditConfigurationAuditCheckConfiguration
unauthenticatedCognitoRoleOverlyPermissiveCheck AccountAuditConfigurationAuditCheckConfiguration
authenticated_cognito_role_overly_permissive_check AccountAuditConfigurationAuditCheckConfiguration
ca_certificate_expiring_check AccountAuditConfigurationAuditCheckConfiguration
ca_certificate_key_quality_check AccountAuditConfigurationAuditCheckConfiguration
conflicting_client_ids_check AccountAuditConfigurationAuditCheckConfiguration
device_certificate_expiring_check AccountAuditConfigurationAuditCheckConfiguration
device_certificate_key_quality_check AccountAuditConfigurationAuditCheckConfiguration
device_certificate_shared_check AccountAuditConfigurationAuditCheckConfiguration
intermediate_ca_revoked_for_active_device_certificates_check AccountAuditConfigurationAuditCheckConfiguration
io_t_policy_potential_mis_configuration_check AccountAuditConfigurationAuditCheckConfiguration
iot_policy_overly_permissive_check AccountAuditConfigurationAuditCheckConfiguration
iot_role_alias_allows_access_to_unused_services_check AccountAuditConfigurationAuditCheckConfiguration
iot_role_alias_overly_permissive_check AccountAuditConfigurationAuditCheckConfiguration
logging_disabled_check AccountAuditConfigurationAuditCheckConfiguration
revoked_ca_certificate_still_active_check AccountAuditConfigurationAuditCheckConfiguration
revoked_device_certificate_still_active_check AccountAuditConfigurationAuditCheckConfiguration
unauthenticated_cognito_role_overly_permissive_check AccountAuditConfigurationAuditCheckConfiguration

AccountAuditConfigurationAuditNotificationTarget

Enabled bool

True if notifications to the target are enabled.

RoleArn string

The ARN of the role that grants permission to send notifications to the target.

TargetArn string

The ARN of the target (SNS topic) to which audit notifications are sent.

Enabled bool

True if notifications to the target are enabled.

RoleArn string

The ARN of the role that grants permission to send notifications to the target.

TargetArn string

The ARN of the target (SNS topic) to which audit notifications are sent.

enabled Boolean

True if notifications to the target are enabled.

roleArn String

The ARN of the role that grants permission to send notifications to the target.

targetArn String

The ARN of the target (SNS topic) to which audit notifications are sent.

enabled boolean

True if notifications to the target are enabled.

roleArn string

The ARN of the role that grants permission to send notifications to the target.

targetArn string

The ARN of the target (SNS topic) to which audit notifications are sent.

enabled bool

True if notifications to the target are enabled.

role_arn str

The ARN of the role that grants permission to send notifications to the target.

target_arn str

The ARN of the target (SNS topic) to which audit notifications are sent.

enabled Boolean

True if notifications to the target are enabled.

roleArn String

The ARN of the role that grants permission to send notifications to the target.

targetArn String

The ARN of the target (SNS topic) to which audit notifications are sent.

AccountAuditConfigurationAuditNotificationTargetConfigurations

Package Details

Repository
AWS Native pulumi/pulumi-aws-native
License
Apache-2.0