aws-native logo
AWS Native v0.63.0, May 25 23

aws-native.iot.SecurityProfile

Explore with Pulumi AI

A security profile defines a set of expected behaviors for devices in your account.

Example Usage

Example

using System.Collections.Generic;
using Pulumi;
using AwsNative = Pulumi.AwsNative;

return await Deployment.RunAsync(() => 
{
    var mySecurityProfile = new AwsNative.IoT.SecurityProfile("mySecurityProfile", new()
    {
        AdditionalMetricsToRetainV2 = new[]
        {
            new AwsNative.IoT.Inputs.SecurityProfileMetricToRetainArgs
            {
                Metric = "aws:num-messages-received",
            },
            new AwsNative.IoT.Inputs.SecurityProfileMetricToRetainArgs
            {
                Metric = "aws:num-disconnects",
            },
        },
        AlertTargets = 
        {
            { "sns", 
            {
                { "alertTargetArn", "arn:aws:sns:us-east-1:123456789012:DeviceDefenderDetectAlerts" },
                { "roleArn", "arn:aws:iam::123456789012:role/RoleForDefenderAlerts" },
            } },
        },
        Behaviors = new[]
        {
            new AwsNative.IoT.Inputs.SecurityProfileBehaviorArgs
            {
                Name = "MaxMessageSize",
                Metric = "aws:message-byte-size",
                Criteria = new AwsNative.IoT.Inputs.SecurityProfileBehaviorCriteriaArgs
                {
                    ConsecutiveDatapointsToAlarm = 1,
                    ConsecutiveDatapointsToClear = 1,
                    ComparisonOperator = AwsNative.IoT.SecurityProfileBehaviorCriteriaComparisonOperator.LessThanEquals,
                    Value = new AwsNative.IoT.Inputs.SecurityProfileMetricValueArgs
                    {
                        Count = "5",
                    },
                },
            },
            new AwsNative.IoT.Inputs.SecurityProfileBehaviorArgs
            {
                Name = "OutboundMessageCount",
                Metric = "aws:num-messages-sent",
                Criteria = new AwsNative.IoT.Inputs.SecurityProfileBehaviorCriteriaArgs
                {
                    DurationSeconds = 300,
                    ComparisonOperator = AwsNative.IoT.SecurityProfileBehaviorCriteriaComparisonOperator.LessThanEquals,
                    Value = new AwsNative.IoT.Inputs.SecurityProfileMetricValueArgs
                    {
                        Count = "50",
                    },
                },
            },
            new AwsNative.IoT.Inputs.SecurityProfileBehaviorArgs
            {
                Name = "AuthFailuresStatThreshold",
                Metric = "aws:num-authorization-failures",
                Criteria = new AwsNative.IoT.Inputs.SecurityProfileBehaviorCriteriaArgs
                {
                    ComparisonOperator = AwsNative.IoT.SecurityProfileBehaviorCriteriaComparisonOperator.LessThanEquals,
                    DurationSeconds = 300,
                    StatisticalThreshold = new AwsNative.IoT.Inputs.SecurityProfileStatisticalThresholdArgs
                    {
                        Statistic = AwsNative.IoT.SecurityProfileStatisticalThresholdStatistic.P90,
                    },
                },
            },
        },
        SecurityProfileDescription = "Contains expected behaviors for connected devices",
        SecurityProfileName = "ProfileForConnectedDevices",
        Tags = new[]
        {
            new AwsNative.IoT.Inputs.SecurityProfileTagArgs
            {
                Key = "Application",
                Value = "SmartHome",
            },
        },
        TargetArns = new[]
        {
            "arn:aws:iot:us-east-1:123456789012:all/things",
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iot"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iot.NewSecurityProfile(ctx, "mySecurityProfile", &iot.SecurityProfileArgs{
			AdditionalMetricsToRetainV2: []iot.SecurityProfileMetricToRetainArgs{
				{
					Metric: pulumi.String("aws:num-messages-received"),
				},
				{
					Metric: pulumi.String("aws:num-disconnects"),
				},
			},
			AlertTargets: pulumi.Any{
				Sns: map[string]interface{}{
					"alertTargetArn": "arn:aws:sns:us-east-1:123456789012:DeviceDefenderDetectAlerts",
					"roleArn":        "arn:aws:iam::123456789012:role/RoleForDefenderAlerts",
				},
			},
			Behaviors: []iot.SecurityProfileBehaviorArgs{
				{
					Name:   pulumi.String("MaxMessageSize"),
					Metric: pulumi.String("aws:message-byte-size"),
					Criteria: {
						ConsecutiveDatapointsToAlarm: pulumi.Int(1),
						ConsecutiveDatapointsToClear: pulumi.Int(1),
						ComparisonOperator:           iot.SecurityProfileBehaviorCriteriaComparisonOperatorLessThanEquals,
						Value: {
							Count: pulumi.String("5"),
						},
					},
				},
				{
					Name:   pulumi.String("OutboundMessageCount"),
					Metric: pulumi.String("aws:num-messages-sent"),
					Criteria: {
						DurationSeconds:    pulumi.Int(300),
						ComparisonOperator: iot.SecurityProfileBehaviorCriteriaComparisonOperatorLessThanEquals,
						Value: {
							Count: pulumi.String("50"),
						},
					},
				},
				{
					Name:   pulumi.String("AuthFailuresStatThreshold"),
					Metric: pulumi.String("aws:num-authorization-failures"),
					Criteria: {
						ComparisonOperator: iot.SecurityProfileBehaviorCriteriaComparisonOperatorLessThanEquals,
						DurationSeconds:    pulumi.Int(300),
						StatisticalThreshold: {
							Statistic: iot.SecurityProfileStatisticalThresholdStatisticP90,
						},
					},
				},
			},
			SecurityProfileDescription: pulumi.String("Contains expected behaviors for connected devices"),
			SecurityProfileName:        pulumi.String("ProfileForConnectedDevices"),
			Tags: []iot.SecurityProfileTagArgs{
				{
					Key:   pulumi.String("Application"),
					Value: pulumi.String("SmartHome"),
				},
			},
			TargetArns: pulumi.StringArray{
				pulumi.String("arn:aws:iot:us-east-1:123456789012:all/things"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Coming soon!

import pulumi
import pulumi_aws_native as aws_native

my_security_profile = aws_native.iot.SecurityProfile("mySecurityProfile",
    additional_metrics_to_retain_v2=[
        aws_native.iot.SecurityProfileMetricToRetainArgs(
            metric="aws:num-messages-received",
        ),
        aws_native.iot.SecurityProfileMetricToRetainArgs(
            metric="aws:num-disconnects",
        ),
    ],
    alert_targets={
        "sns": {
            "alertTargetArn": "arn:aws:sns:us-east-1:123456789012:DeviceDefenderDetectAlerts",
            "roleArn": "arn:aws:iam::123456789012:role/RoleForDefenderAlerts",
        },
    },
    behaviors=[
        aws_native.iot.SecurityProfileBehaviorArgs(
            name="MaxMessageSize",
            metric="aws:message-byte-size",
            criteria=aws_native.iot.SecurityProfileBehaviorCriteriaArgs(
                consecutive_datapoints_to_alarm=1,
                consecutive_datapoints_to_clear=1,
                comparison_operator=aws_native.iot.SecurityProfileBehaviorCriteriaComparisonOperator.LESS_THAN_EQUALS,
                value=aws_native.iot.SecurityProfileMetricValueArgs(
                    count="5",
                ),
            ),
        ),
        aws_native.iot.SecurityProfileBehaviorArgs(
            name="OutboundMessageCount",
            metric="aws:num-messages-sent",
            criteria=aws_native.iot.SecurityProfileBehaviorCriteriaArgs(
                duration_seconds=300,
                comparison_operator=aws_native.iot.SecurityProfileBehaviorCriteriaComparisonOperator.LESS_THAN_EQUALS,
                value=aws_native.iot.SecurityProfileMetricValueArgs(
                    count="50",
                ),
            ),
        ),
        aws_native.iot.SecurityProfileBehaviorArgs(
            name="AuthFailuresStatThreshold",
            metric="aws:num-authorization-failures",
            criteria=aws_native.iot.SecurityProfileBehaviorCriteriaArgs(
                comparison_operator=aws_native.iot.SecurityProfileBehaviorCriteriaComparisonOperator.LESS_THAN_EQUALS,
                duration_seconds=300,
                statistical_threshold=aws_native.iot.SecurityProfileStatisticalThresholdArgs(
                    statistic=aws_native.iot.SecurityProfileStatisticalThresholdStatistic.P90,
                ),
            ),
        ),
    ],
    security_profile_description="Contains expected behaviors for connected devices",
    security_profile_name="ProfileForConnectedDevices",
    tags=[aws_native.iot.SecurityProfileTagArgs(
        key="Application",
        value="SmartHome",
    )],
    target_arns=["arn:aws:iot:us-east-1:123456789012:all/things"])
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";

const mySecurityProfile = new aws_native.iot.SecurityProfile("mySecurityProfile", {
    additionalMetricsToRetainV2: [
        {
            metric: "aws:num-messages-received",
        },
        {
            metric: "aws:num-disconnects",
        },
    ],
    alertTargets: {
        sns: {
            alertTargetArn: "arn:aws:sns:us-east-1:123456789012:DeviceDefenderDetectAlerts",
            roleArn: "arn:aws:iam::123456789012:role/RoleForDefenderAlerts",
        },
    },
    behaviors: [
        {
            name: "MaxMessageSize",
            metric: "aws:message-byte-size",
            criteria: {
                consecutiveDatapointsToAlarm: 1,
                consecutiveDatapointsToClear: 1,
                comparisonOperator: aws_native.iot.SecurityProfileBehaviorCriteriaComparisonOperator.LessThanEquals,
                value: {
                    count: "5",
                },
            },
        },
        {
            name: "OutboundMessageCount",
            metric: "aws:num-messages-sent",
            criteria: {
                durationSeconds: 300,
                comparisonOperator: aws_native.iot.SecurityProfileBehaviorCriteriaComparisonOperator.LessThanEquals,
                value: {
                    count: "50",
                },
            },
        },
        {
            name: "AuthFailuresStatThreshold",
            metric: "aws:num-authorization-failures",
            criteria: {
                comparisonOperator: aws_native.iot.SecurityProfileBehaviorCriteriaComparisonOperator.LessThanEquals,
                durationSeconds: 300,
                statisticalThreshold: {
                    statistic: aws_native.iot.SecurityProfileStatisticalThresholdStatistic.P90,
                },
            },
        },
    ],
    securityProfileDescription: "Contains expected behaviors for connected devices",
    securityProfileName: "ProfileForConnectedDevices",
    tags: [{
        key: "Application",
        value: "SmartHome",
    }],
    targetArns: ["arn:aws:iot:us-east-1:123456789012:all/things"],
});

Coming soon!

Example

using System.Collections.Generic;
using Pulumi;
using AwsNative = Pulumi.AwsNative;

return await Deployment.RunAsync(() => 
{
    var mySecurityProfile = new AwsNative.IoT.SecurityProfile("mySecurityProfile", new()
    {
        AdditionalMetricsToRetainV2 = new[]
        {
            new AwsNative.IoT.Inputs.SecurityProfileMetricToRetainArgs
            {
                Metric = "aws:num-messages-received",
            },
            new AwsNative.IoT.Inputs.SecurityProfileMetricToRetainArgs
            {
                Metric = "aws:num-disconnects",
            },
        },
        AlertTargets = 
        {
            { "sns", 
            {
                { "alertTargetArn", "arn:aws:sns:us-east-1:123456789012:DeviceDefenderDetectAlerts" },
                { "roleArn", "arn:aws:iam::123456789012:role/RoleForDefenderAlerts" },
            } },
        },
        Behaviors = new[]
        {
            new AwsNative.IoT.Inputs.SecurityProfileBehaviorArgs
            {
                Name = "MaxMessageSize",
                Metric = "aws:message-byte-size",
                Criteria = new AwsNative.IoT.Inputs.SecurityProfileBehaviorCriteriaArgs
                {
                    ConsecutiveDatapointsToAlarm = 1,
                    ConsecutiveDatapointsToClear = 1,
                    ComparisonOperator = AwsNative.IoT.SecurityProfileBehaviorCriteriaComparisonOperator.LessThanEquals,
                    Value = new AwsNative.IoT.Inputs.SecurityProfileMetricValueArgs
                    {
                        Count = "5",
                    },
                },
            },
            new AwsNative.IoT.Inputs.SecurityProfileBehaviorArgs
            {
                Name = "OutboundMessageCount",
                Metric = "aws:num-messages-sent",
                Criteria = new AwsNative.IoT.Inputs.SecurityProfileBehaviorCriteriaArgs
                {
                    DurationSeconds = 300,
                    ComparisonOperator = AwsNative.IoT.SecurityProfileBehaviorCriteriaComparisonOperator.LessThanEquals,
                    Value = new AwsNative.IoT.Inputs.SecurityProfileMetricValueArgs
                    {
                        Count = "50",
                    },
                },
            },
            new AwsNative.IoT.Inputs.SecurityProfileBehaviorArgs
            {
                Name = "AuthFailuresStatThreshold",
                Metric = "aws:num-authorization-failures",
                Criteria = new AwsNative.IoT.Inputs.SecurityProfileBehaviorCriteriaArgs
                {
                    ComparisonOperator = AwsNative.IoT.SecurityProfileBehaviorCriteriaComparisonOperator.LessThanEquals,
                    DurationSeconds = 300,
                    StatisticalThreshold = new AwsNative.IoT.Inputs.SecurityProfileStatisticalThresholdArgs
                    {
                        Statistic = AwsNative.IoT.SecurityProfileStatisticalThresholdStatistic.P90,
                    },
                },
            },
        },
        SecurityProfileDescription = "Contains expected behaviors for connected devices",
        SecurityProfileName = "ProfileForConnectedDevices",
        Tags = new[]
        {
            new AwsNative.IoT.Inputs.SecurityProfileTagArgs
            {
                Key = "Application",
                Value = "SmartHome",
            },
        },
        TargetArns = new[]
        {
            "arn:aws:iot:us-east-1:123456789012:all/things",
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iot"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iot.NewSecurityProfile(ctx, "mySecurityProfile", &iot.SecurityProfileArgs{
			AdditionalMetricsToRetainV2: []iot.SecurityProfileMetricToRetainArgs{
				{
					Metric: pulumi.String("aws:num-messages-received"),
				},
				{
					Metric: pulumi.String("aws:num-disconnects"),
				},
			},
			AlertTargets: pulumi.Any{
				Sns: map[string]interface{}{
					"alertTargetArn": "arn:aws:sns:us-east-1:123456789012:DeviceDefenderDetectAlerts",
					"roleArn":        "arn:aws:iam::123456789012:role/RoleForDefenderAlerts",
				},
			},
			Behaviors: []iot.SecurityProfileBehaviorArgs{
				{
					Name:   pulumi.String("MaxMessageSize"),
					Metric: pulumi.String("aws:message-byte-size"),
					Criteria: {
						ConsecutiveDatapointsToAlarm: pulumi.Int(1),
						ConsecutiveDatapointsToClear: pulumi.Int(1),
						ComparisonOperator:           iot.SecurityProfileBehaviorCriteriaComparisonOperatorLessThanEquals,
						Value: {
							Count: pulumi.String("5"),
						},
					},
				},
				{
					Name:   pulumi.String("OutboundMessageCount"),
					Metric: pulumi.String("aws:num-messages-sent"),
					Criteria: {
						DurationSeconds:    pulumi.Int(300),
						ComparisonOperator: iot.SecurityProfileBehaviorCriteriaComparisonOperatorLessThanEquals,
						Value: {
							Count: pulumi.String("50"),
						},
					},
				},
				{
					Name:   pulumi.String("AuthFailuresStatThreshold"),
					Metric: pulumi.String("aws:num-authorization-failures"),
					Criteria: {
						ComparisonOperator: iot.SecurityProfileBehaviorCriteriaComparisonOperatorLessThanEquals,
						DurationSeconds:    pulumi.Int(300),
						StatisticalThreshold: {
							Statistic: iot.SecurityProfileStatisticalThresholdStatisticP90,
						},
					},
				},
			},
			SecurityProfileDescription: pulumi.String("Contains expected behaviors for connected devices"),
			SecurityProfileName:        pulumi.String("ProfileForConnectedDevices"),
			Tags: []iot.SecurityProfileTagArgs{
				{
					Key:   pulumi.String("Application"),
					Value: pulumi.String("SmartHome"),
				},
			},
			TargetArns: pulumi.StringArray{
				pulumi.String("arn:aws:iot:us-east-1:123456789012:all/things"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Coming soon!

import pulumi
import pulumi_aws_native as aws_native

my_security_profile = aws_native.iot.SecurityProfile("mySecurityProfile",
    additional_metrics_to_retain_v2=[
        aws_native.iot.SecurityProfileMetricToRetainArgs(
            metric="aws:num-messages-received",
        ),
        aws_native.iot.SecurityProfileMetricToRetainArgs(
            metric="aws:num-disconnects",
        ),
    ],
    alert_targets={
        "sns": {
            "alertTargetArn": "arn:aws:sns:us-east-1:123456789012:DeviceDefenderDetectAlerts",
            "roleArn": "arn:aws:iam::123456789012:role/RoleForDefenderAlerts",
        },
    },
    behaviors=[
        aws_native.iot.SecurityProfileBehaviorArgs(
            name="MaxMessageSize",
            metric="aws:message-byte-size",
            criteria=aws_native.iot.SecurityProfileBehaviorCriteriaArgs(
                consecutive_datapoints_to_alarm=1,
                consecutive_datapoints_to_clear=1,
                comparison_operator=aws_native.iot.SecurityProfileBehaviorCriteriaComparisonOperator.LESS_THAN_EQUALS,
                value=aws_native.iot.SecurityProfileMetricValueArgs(
                    count="5",
                ),
            ),
        ),
        aws_native.iot.SecurityProfileBehaviorArgs(
            name="OutboundMessageCount",
            metric="aws:num-messages-sent",
            criteria=aws_native.iot.SecurityProfileBehaviorCriteriaArgs(
                duration_seconds=300,
                comparison_operator=aws_native.iot.SecurityProfileBehaviorCriteriaComparisonOperator.LESS_THAN_EQUALS,
                value=aws_native.iot.SecurityProfileMetricValueArgs(
                    count="50",
                ),
            ),
        ),
        aws_native.iot.SecurityProfileBehaviorArgs(
            name="AuthFailuresStatThreshold",
            metric="aws:num-authorization-failures",
            criteria=aws_native.iot.SecurityProfileBehaviorCriteriaArgs(
                comparison_operator=aws_native.iot.SecurityProfileBehaviorCriteriaComparisonOperator.LESS_THAN_EQUALS,
                duration_seconds=300,
                statistical_threshold=aws_native.iot.SecurityProfileStatisticalThresholdArgs(
                    statistic=aws_native.iot.SecurityProfileStatisticalThresholdStatistic.P90,
                ),
            ),
        ),
    ],
    security_profile_description="Contains expected behaviors for connected devices",
    security_profile_name="ProfileForConnectedDevices",
    tags=[aws_native.iot.SecurityProfileTagArgs(
        key="Application",
        value="SmartHome",
    )],
    target_arns=["arn:aws:iot:us-east-1:123456789012:all/things"])
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";

const mySecurityProfile = new aws_native.iot.SecurityProfile("mySecurityProfile", {
    additionalMetricsToRetainV2: [
        {
            metric: "aws:num-messages-received",
        },
        {
            metric: "aws:num-disconnects",
        },
    ],
    alertTargets: {
        sns: {
            alertTargetArn: "arn:aws:sns:us-east-1:123456789012:DeviceDefenderDetectAlerts",
            roleArn: "arn:aws:iam::123456789012:role/RoleForDefenderAlerts",
        },
    },
    behaviors: [
        {
            name: "MaxMessageSize",
            metric: "aws:message-byte-size",
            criteria: {
                consecutiveDatapointsToAlarm: 1,
                consecutiveDatapointsToClear: 1,
                comparisonOperator: aws_native.iot.SecurityProfileBehaviorCriteriaComparisonOperator.LessThanEquals,
                value: {
                    count: "5",
                },
            },
        },
        {
            name: "OutboundMessageCount",
            metric: "aws:num-messages-sent",
            criteria: {
                durationSeconds: 300,
                comparisonOperator: aws_native.iot.SecurityProfileBehaviorCriteriaComparisonOperator.LessThanEquals,
                value: {
                    count: "50",
                },
            },
        },
        {
            name: "AuthFailuresStatThreshold",
            metric: "aws:num-authorization-failures",
            criteria: {
                comparisonOperator: aws_native.iot.SecurityProfileBehaviorCriteriaComparisonOperator.LessThanEquals,
                durationSeconds: 300,
                statisticalThreshold: {
                    statistic: aws_native.iot.SecurityProfileStatisticalThresholdStatistic.P90,
                },
            },
        },
    ],
    securityProfileDescription: "Contains expected behaviors for connected devices",
    securityProfileName: "ProfileForConnectedDevices",
    tags: [{
        key: "Application",
        value: "SmartHome",
    }],
    targetArns: ["arn:aws:iot:us-east-1:123456789012:all/things"],
});

Coming soon!

Create SecurityProfile Resource

new SecurityProfile(name: string, args?: SecurityProfileArgs, opts?: CustomResourceOptions);
@overload
def SecurityProfile(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    additional_metrics_to_retain_v2: Optional[Sequence[SecurityProfileMetricToRetainArgs]] = None,
                    alert_targets: Optional[Any] = None,
                    behaviors: Optional[Sequence[SecurityProfileBehaviorArgs]] = None,
                    security_profile_description: Optional[str] = None,
                    security_profile_name: Optional[str] = None,
                    tags: Optional[Sequence[SecurityProfileTagArgs]] = None,
                    target_arns: Optional[Sequence[str]] = None)
@overload
def SecurityProfile(resource_name: str,
                    args: Optional[SecurityProfileArgs] = None,
                    opts: Optional[ResourceOptions] = None)
func NewSecurityProfile(ctx *Context, name string, args *SecurityProfileArgs, opts ...ResourceOption) (*SecurityProfile, error)
public SecurityProfile(string name, SecurityProfileArgs? args = null, CustomResourceOptions? opts = null)
public SecurityProfile(String name, SecurityProfileArgs args)
public SecurityProfile(String name, SecurityProfileArgs args, CustomResourceOptions options)
type: aws-native:iot:SecurityProfile
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args SecurityProfileArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args SecurityProfileArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args SecurityProfileArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args SecurityProfileArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args SecurityProfileArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

SecurityProfile Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The SecurityProfile resource accepts the following input properties:

AdditionalMetricsToRetainV2 List<Pulumi.AwsNative.IoT.Inputs.SecurityProfileMetricToRetainArgs>

A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors, but it is also retained for any metric specified here.

AlertTargets object

Specifies the destinations to which alerts are sent.

Behaviors List<Pulumi.AwsNative.IoT.Inputs.SecurityProfileBehaviorArgs>

Specifies the behaviors that, when violated by a device (thing), cause an alert.

SecurityProfileDescription string

A description of the security profile.

SecurityProfileName string

A unique identifier for the security profile.

Tags List<Pulumi.AwsNative.IoT.Inputs.SecurityProfileTagArgs>

Metadata that can be used to manage the security profile.

TargetArns List<string>

A set of target ARNs that the security profile is attached to.

AdditionalMetricsToRetainV2 []SecurityProfileMetricToRetainArgs

A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors, but it is also retained for any metric specified here.

AlertTargets interface{}

Specifies the destinations to which alerts are sent.

Behaviors []SecurityProfileBehaviorArgs

Specifies the behaviors that, when violated by a device (thing), cause an alert.

SecurityProfileDescription string

A description of the security profile.

SecurityProfileName string

A unique identifier for the security profile.

Tags []SecurityProfileTagArgs

Metadata that can be used to manage the security profile.

TargetArns []string

A set of target ARNs that the security profile is attached to.

additionalMetricsToRetainV2 List<SecurityProfileMetricToRetainArgs>

A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors, but it is also retained for any metric specified here.

alertTargets Object

Specifies the destinations to which alerts are sent.

behaviors List<SecurityProfileBehaviorArgs>

Specifies the behaviors that, when violated by a device (thing), cause an alert.

securityProfileDescription String

A description of the security profile.

securityProfileName String

A unique identifier for the security profile.

tags List<SecurityProfileTagArgs>

Metadata that can be used to manage the security profile.

targetArns List<String>

A set of target ARNs that the security profile is attached to.

additionalMetricsToRetainV2 SecurityProfileMetricToRetainArgs[]

A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors, but it is also retained for any metric specified here.

alertTargets any

Specifies the destinations to which alerts are sent.

behaviors SecurityProfileBehaviorArgs[]

Specifies the behaviors that, when violated by a device (thing), cause an alert.

securityProfileDescription string

A description of the security profile.

securityProfileName string

A unique identifier for the security profile.

tags SecurityProfileTagArgs[]

Metadata that can be used to manage the security profile.

targetArns string[]

A set of target ARNs that the security profile is attached to.

additional_metrics_to_retain_v2 Sequence[SecurityProfileMetricToRetainArgs]

A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors, but it is also retained for any metric specified here.

alert_targets Any

Specifies the destinations to which alerts are sent.

behaviors Sequence[SecurityProfileBehaviorArgs]

Specifies the behaviors that, when violated by a device (thing), cause an alert.

security_profile_description str

A description of the security profile.

security_profile_name str

A unique identifier for the security profile.

tags Sequence[SecurityProfileTagArgs]

Metadata that can be used to manage the security profile.

target_arns Sequence[str]

A set of target ARNs that the security profile is attached to.

additionalMetricsToRetainV2 List<Property Map>

A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors, but it is also retained for any metric specified here.

alertTargets Any

Specifies the destinations to which alerts are sent.

behaviors List<Property Map>

Specifies the behaviors that, when violated by a device (thing), cause an alert.

securityProfileDescription String

A description of the security profile.

securityProfileName String

A unique identifier for the security profile.

tags List<Property Map>

Metadata that can be used to manage the security profile.

targetArns List<String>

A set of target ARNs that the security profile is attached to.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecurityProfile resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

SecurityProfileArn string

The ARN (Amazon resource name) of the created security profile.

Id string

The provider-assigned unique ID for this managed resource.

SecurityProfileArn string

The ARN (Amazon resource name) of the created security profile.

id String

The provider-assigned unique ID for this managed resource.

securityProfileArn String

The ARN (Amazon resource name) of the created security profile.

id string

The provider-assigned unique ID for this managed resource.

securityProfileArn string

The ARN (Amazon resource name) of the created security profile.

id str

The provider-assigned unique ID for this managed resource.

security_profile_arn str

The ARN (Amazon resource name) of the created security profile.

id String

The provider-assigned unique ID for this managed resource.

securityProfileArn String

The ARN (Amazon resource name) of the created security profile.

Supporting Types

SecurityProfileBehavior

Name string

The name for the behavior.

Criteria Pulumi.AwsNative.IoT.Inputs.SecurityProfileBehaviorCriteria
Metric string

What is measured by the behavior.

MetricDimension Pulumi.AwsNative.IoT.Inputs.SecurityProfileMetricDimension
SuppressAlerts bool

Manage Detect alarm SNS notifications by setting behavior notification to on or suppressed. Detect will continue to performing device behavior evaluations. However, suppressed alarms wouldn't be forwarded for SNS notification.

Name string

The name for the behavior.

Criteria SecurityProfileBehaviorCriteria
Metric string

What is measured by the behavior.

MetricDimension SecurityProfileMetricDimension
SuppressAlerts bool

Manage Detect alarm SNS notifications by setting behavior notification to on or suppressed. Detect will continue to performing device behavior evaluations. However, suppressed alarms wouldn't be forwarded for SNS notification.

name String

The name for the behavior.

criteria SecurityProfileBehaviorCriteria
metric String

What is measured by the behavior.

metricDimension SecurityProfileMetricDimension
suppressAlerts Boolean

Manage Detect alarm SNS notifications by setting behavior notification to on or suppressed. Detect will continue to performing device behavior evaluations. However, suppressed alarms wouldn't be forwarded for SNS notification.

name string

The name for the behavior.

criteria SecurityProfileBehaviorCriteria
metric string

What is measured by the behavior.

metricDimension SecurityProfileMetricDimension
suppressAlerts boolean

Manage Detect alarm SNS notifications by setting behavior notification to on or suppressed. Detect will continue to performing device behavior evaluations. However, suppressed alarms wouldn't be forwarded for SNS notification.

name str

The name for the behavior.

criteria SecurityProfileBehaviorCriteria
metric str

What is measured by the behavior.

metric_dimension SecurityProfileMetricDimension
suppress_alerts bool

Manage Detect alarm SNS notifications by setting behavior notification to on or suppressed. Detect will continue to performing device behavior evaluations. However, suppressed alarms wouldn't be forwarded for SNS notification.

name String

The name for the behavior.

criteria Property Map
metric String

What is measured by the behavior.

metricDimension Property Map
suppressAlerts Boolean

Manage Detect alarm SNS notifications by setting behavior notification to on or suppressed. Detect will continue to performing device behavior evaluations. However, suppressed alarms wouldn't be forwarded for SNS notification.

SecurityProfileBehaviorCriteria

ComparisonOperator Pulumi.AwsNative.IoT.SecurityProfileBehaviorCriteriaComparisonOperator

The operator that relates the thing measured (metric) to the criteria (containing a value or statisticalThreshold).

ConsecutiveDatapointsToAlarm int

If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.

ConsecutiveDatapointsToClear int

If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.

DurationSeconds int

Use this to specify the time duration over which the behavior is evaluated.

MlDetectionConfig Pulumi.AwsNative.IoT.Inputs.SecurityProfileMachineLearningDetectionConfig
StatisticalThreshold Pulumi.AwsNative.IoT.Inputs.SecurityProfileStatisticalThreshold
Value Pulumi.AwsNative.IoT.Inputs.SecurityProfileMetricValue
ComparisonOperator SecurityProfileBehaviorCriteriaComparisonOperator

The operator that relates the thing measured (metric) to the criteria (containing a value or statisticalThreshold).

ConsecutiveDatapointsToAlarm int

If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.

ConsecutiveDatapointsToClear int

If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.

DurationSeconds int

Use this to specify the time duration over which the behavior is evaluated.

MlDetectionConfig SecurityProfileMachineLearningDetectionConfig
StatisticalThreshold SecurityProfileStatisticalThreshold
Value SecurityProfileMetricValue
comparisonOperator SecurityProfileBehaviorCriteriaComparisonOperator

The operator that relates the thing measured (metric) to the criteria (containing a value or statisticalThreshold).

consecutiveDatapointsToAlarm Integer

If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.

consecutiveDatapointsToClear Integer

If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.

durationSeconds Integer

Use this to specify the time duration over which the behavior is evaluated.

mlDetectionConfig SecurityProfileMachineLearningDetectionConfig
statisticalThreshold SecurityProfileStatisticalThreshold
value SecurityProfileMetricValue
comparisonOperator SecurityProfileBehaviorCriteriaComparisonOperator

The operator that relates the thing measured (metric) to the criteria (containing a value or statisticalThreshold).

consecutiveDatapointsToAlarm number

If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.

consecutiveDatapointsToClear number

If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.

durationSeconds number

Use this to specify the time duration over which the behavior is evaluated.

mlDetectionConfig SecurityProfileMachineLearningDetectionConfig
statisticalThreshold SecurityProfileStatisticalThreshold
value SecurityProfileMetricValue
comparison_operator SecurityProfileBehaviorCriteriaComparisonOperator

The operator that relates the thing measured (metric) to the criteria (containing a value or statisticalThreshold).

consecutive_datapoints_to_alarm int

If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.

consecutive_datapoints_to_clear int

If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.

duration_seconds int

Use this to specify the time duration over which the behavior is evaluated.

ml_detection_config SecurityProfileMachineLearningDetectionConfig
statistical_threshold SecurityProfileStatisticalThreshold
value SecurityProfileMetricValue
comparisonOperator "less-than" | "less-than-equals" | "greater-than" | "greater-than-equals" | "in-cidr-set" | "not-in-cidr-set" | "in-port-set" | "not-in-port-set" | "in-set" | "not-in-set"

The operator that relates the thing measured (metric) to the criteria (containing a value or statisticalThreshold).

consecutiveDatapointsToAlarm Number

If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.

consecutiveDatapointsToClear Number

If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.

durationSeconds Number

Use this to specify the time duration over which the behavior is evaluated.

mlDetectionConfig Property Map
statisticalThreshold Property Map
value Property Map

SecurityProfileBehaviorCriteriaComparisonOperator

LessThan
less-than
LessThanEquals
less-than-equals
GreaterThan
greater-than
GreaterThanEquals
greater-than-equals
InCidrSet
in-cidr-set
NotInCidrSet
not-in-cidr-set
InPortSet
in-port-set
NotInPortSet
not-in-port-set
InSet
in-set
NotInSet
not-in-set
SecurityProfileBehaviorCriteriaComparisonOperatorLessThan
less-than
SecurityProfileBehaviorCriteriaComparisonOperatorLessThanEquals
less-than-equals
SecurityProfileBehaviorCriteriaComparisonOperatorGreaterThan
greater-than
SecurityProfileBehaviorCriteriaComparisonOperatorGreaterThanEquals
greater-than-equals
SecurityProfileBehaviorCriteriaComparisonOperatorInCidrSet
in-cidr-set
SecurityProfileBehaviorCriteriaComparisonOperatorNotInCidrSet
not-in-cidr-set
SecurityProfileBehaviorCriteriaComparisonOperatorInPortSet
in-port-set
SecurityProfileBehaviorCriteriaComparisonOperatorNotInPortSet
not-in-port-set
SecurityProfileBehaviorCriteriaComparisonOperatorInSet
in-set
SecurityProfileBehaviorCriteriaComparisonOperatorNotInSet
not-in-set
LessThan
less-than
LessThanEquals
less-than-equals
GreaterThan
greater-than
GreaterThanEquals
greater-than-equals
InCidrSet
in-cidr-set
NotInCidrSet
not-in-cidr-set
InPortSet
in-port-set
NotInPortSet
not-in-port-set
InSet
in-set
NotInSet
not-in-set
LessThan
less-than
LessThanEquals
less-than-equals
GreaterThan
greater-than
GreaterThanEquals
greater-than-equals
InCidrSet
in-cidr-set
NotInCidrSet
not-in-cidr-set
InPortSet
in-port-set
NotInPortSet
not-in-port-set
InSet
in-set
NotInSet
not-in-set
LESS_THAN
less-than
LESS_THAN_EQUALS
less-than-equals
GREATER_THAN
greater-than
GREATER_THAN_EQUALS
greater-than-equals
IN_CIDR_SET
in-cidr-set
NOT_IN_CIDR_SET
not-in-cidr-set
IN_PORT_SET
in-port-set
NOT_IN_PORT_SET
not-in-port-set
IN_SET
in-set
NOT_IN_SET
not-in-set
"less-than"
less-than
"less-than-equals"
less-than-equals
"greater-than"
greater-than
"greater-than-equals"
greater-than-equals
"in-cidr-set"
in-cidr-set
"not-in-cidr-set"
not-in-cidr-set
"in-port-set"
in-port-set
"not-in-port-set"
not-in-port-set
"in-set"
in-set
"not-in-set"
not-in-set

SecurityProfileMachineLearningDetectionConfig

ConfidenceLevel Pulumi.AwsNative.IoT.SecurityProfileMachineLearningDetectionConfigConfidenceLevel

The sensitivity of anomalous behavior evaluation. Can be Low, Medium, or High.

ConfidenceLevel SecurityProfileMachineLearningDetectionConfigConfidenceLevel

The sensitivity of anomalous behavior evaluation. Can be Low, Medium, or High.

confidenceLevel SecurityProfileMachineLearningDetectionConfigConfidenceLevel

The sensitivity of anomalous behavior evaluation. Can be Low, Medium, or High.

confidenceLevel SecurityProfileMachineLearningDetectionConfigConfidenceLevel

The sensitivity of anomalous behavior evaluation. Can be Low, Medium, or High.

confidence_level SecurityProfileMachineLearningDetectionConfigConfidenceLevel

The sensitivity of anomalous behavior evaluation. Can be Low, Medium, or High.

confidenceLevel "LOW" | "MEDIUM" | "HIGH"

The sensitivity of anomalous behavior evaluation. Can be Low, Medium, or High.

SecurityProfileMachineLearningDetectionConfigConfidenceLevel

Low
LOW
Medium
MEDIUM
High
HIGH
SecurityProfileMachineLearningDetectionConfigConfidenceLevelLow
LOW
SecurityProfileMachineLearningDetectionConfigConfidenceLevelMedium
MEDIUM
SecurityProfileMachineLearningDetectionConfigConfidenceLevelHigh
HIGH
Low
LOW
Medium
MEDIUM
High
HIGH
Low
LOW
Medium
MEDIUM
High
HIGH
LOW
LOW
MEDIUM
MEDIUM
HIGH
HIGH
"LOW"
LOW
"MEDIUM"
MEDIUM
"HIGH"
HIGH

SecurityProfileMetricDimension

DimensionName string

A unique identifier for the dimension.

Operator Pulumi.AwsNative.IoT.SecurityProfileMetricDimensionOperator

Defines how the dimensionValues of a dimension are interpreted.

DimensionName string

A unique identifier for the dimension.

Operator SecurityProfileMetricDimensionOperator

Defines how the dimensionValues of a dimension are interpreted.

dimensionName String

A unique identifier for the dimension.

operator SecurityProfileMetricDimensionOperator

Defines how the dimensionValues of a dimension are interpreted.

dimensionName string

A unique identifier for the dimension.

operator SecurityProfileMetricDimensionOperator

Defines how the dimensionValues of a dimension are interpreted.

dimension_name str

A unique identifier for the dimension.

operator SecurityProfileMetricDimensionOperator

Defines how the dimensionValues of a dimension are interpreted.

dimensionName String

A unique identifier for the dimension.

operator "IN" | "NOT_IN"

Defines how the dimensionValues of a dimension are interpreted.

SecurityProfileMetricDimensionOperator

In
IN
NotIn
NOT_IN
SecurityProfileMetricDimensionOperatorIn
IN
SecurityProfileMetricDimensionOperatorNotIn
NOT_IN
In
IN
NotIn
NOT_IN
In
IN
NotIn
NOT_IN
IN_
IN
NOT_IN
NOT_IN
"IN"
IN
"NOT_IN"
NOT_IN

SecurityProfileMetricToRetain

Metric string

What is measured by the behavior.

MetricDimension SecurityProfileMetricDimension
metric String

What is measured by the behavior.

metricDimension SecurityProfileMetricDimension
metric string

What is measured by the behavior.

metricDimension SecurityProfileMetricDimension
metric str

What is measured by the behavior.

metric_dimension SecurityProfileMetricDimension
metric String

What is measured by the behavior.

metricDimension Property Map

SecurityProfileMetricValue

Cidrs List<string>

If the ComparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric.

Count string

If the ComparisonOperator calls for a numeric value, use this to specify that (integer) numeric value to be compared with the metric.

Number double

The numeral value of a metric.

Numbers List<double>

The numeral values of a metric.

Ports List<int>

If the ComparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric.

Strings List<string>

The string values of a metric.

Cidrs []string

If the ComparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric.

Count string

If the ComparisonOperator calls for a numeric value, use this to specify that (integer) numeric value to be compared with the metric.

Number float64

The numeral value of a metric.

Numbers []float64

The numeral values of a metric.

Ports []int

If the ComparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric.

Strings []string

The string values of a metric.

cidrs List<String>

If the ComparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric.

count String

If the ComparisonOperator calls for a numeric value, use this to specify that (integer) numeric value to be compared with the metric.

number Double

The numeral value of a metric.

numbers List<Double>

The numeral values of a metric.

ports List<Integer>

If the ComparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric.

strings List<String>

The string values of a metric.

cidrs string[]

If the ComparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric.

count string

If the ComparisonOperator calls for a numeric value, use this to specify that (integer) numeric value to be compared with the metric.

number number

The numeral value of a metric.

numbers number[]

The numeral values of a metric.

ports number[]

If the ComparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric.

strings string[]

The string values of a metric.

cidrs Sequence[str]

If the ComparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric.

count str

If the ComparisonOperator calls for a numeric value, use this to specify that (integer) numeric value to be compared with the metric.

number float

The numeral value of a metric.

numbers Sequence[float]

The numeral values of a metric.

ports Sequence[int]

If the ComparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric.

strings Sequence[str]

The string values of a metric.

cidrs List<String>

If the ComparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric.

count String

If the ComparisonOperator calls for a numeric value, use this to specify that (integer) numeric value to be compared with the metric.

number Number

The numeral value of a metric.

numbers List<Number>

The numeral values of a metric.

ports List<Number>

If the ComparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric.

strings List<String>

The string values of a metric.

SecurityProfileStatisticalThreshold

Statistic Pulumi.AwsNative.IoT.SecurityProfileStatisticalThresholdStatistic

The percentile which resolves to a threshold value by which compliance with a behavior is determined

Statistic SecurityProfileStatisticalThresholdStatistic

The percentile which resolves to a threshold value by which compliance with a behavior is determined

statistic SecurityProfileStatisticalThresholdStatistic

The percentile which resolves to a threshold value by which compliance with a behavior is determined

statistic SecurityProfileStatisticalThresholdStatistic

The percentile which resolves to a threshold value by which compliance with a behavior is determined

statistic SecurityProfileStatisticalThresholdStatistic

The percentile which resolves to a threshold value by which compliance with a behavior is determined

statistic "Average" | "p0" | "p0.1" | "p0.01" | "p1" | "p10" | "p50" | "p90" | "p99" | "p99.9" | "p99.99" | "p100"

The percentile which resolves to a threshold value by which compliance with a behavior is determined

SecurityProfileStatisticalThresholdStatistic

Average
Average
P0
p0
P01
p0.1
P001
p0.01
P1
p1
P10
p10
P50
p50
P90
p90
P99
p99
P999
p99.9
P9999
p99.99
P100
p100
SecurityProfileStatisticalThresholdStatisticAverage
Average
SecurityProfileStatisticalThresholdStatisticP0
p0
SecurityProfileStatisticalThresholdStatisticP01
p0.1
SecurityProfileStatisticalThresholdStatisticP001
p0.01
SecurityProfileStatisticalThresholdStatisticP1
p1
SecurityProfileStatisticalThresholdStatisticP10
p10
SecurityProfileStatisticalThresholdStatisticP50
p50
SecurityProfileStatisticalThresholdStatisticP90
p90
SecurityProfileStatisticalThresholdStatisticP99
p99
SecurityProfileStatisticalThresholdStatisticP999
p99.9
SecurityProfileStatisticalThresholdStatisticP9999
p99.99
SecurityProfileStatisticalThresholdStatisticP100
p100
Average
Average
P0
p0
P01
p0.1
P001
p0.01
P1
p1
P10
p10
P50
p50
P90
p90
P99
p99
P999
p99.9
P9999
p99.99
P100
p100
Average
Average
P0
p0
P01
p0.1
P001
p0.01
P1
p1
P10
p10
P50
p50
P90
p90
P99
p99
P999
p99.9
P9999
p99.99
P100
p100
AVERAGE
Average
P0
p0
P01
p0.1
P001
p0.01
P1
p1
P10
p10
P50
p50
P90
p90
P99
p99
P999
p99.9
P9999
p99.99
P100
p100
"Average"
Average
"p0"
p0
"p0.1"
p0.1
"p0.01"
p0.01
"p1"
p1
"p10"
p10
"p50"
p50
"p90"
p90
"p99"
p99
"p99.9"
p99.9
"p99.99"
p99.99
"p100"
p100

SecurityProfileTag

Key string

The tag's key.

Value string

The tag's value.

Key string

The tag's key.

Value string

The tag's value.

key String

The tag's key.

value String

The tag's value.

key string

The tag's key.

value string

The tag's value.

key str

The tag's key.

value str

The tag's value.

key String

The tag's key.

value String

The tag's value.

Package Details

Repository
AWS Native pulumi/pulumi-aws-native
License
Apache-2.0