CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty (software.amazon.awscdk:aws-cdk-lib 2.42.1 API)

All Superinterfaces:: software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Jsii$Proxy

Enclosing class:: CfnAccountAuditConfiguration

@Stability(value=Stable)
public static interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty
extends software.amazon.jsii.JsiiSerializable

The types of audit checks that can be performed.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.iot.*;
 AuditCheckConfigurationsProperty auditCheckConfigurationsProperty = AuditCheckConfigurationsProperty.builder()
         .authenticatedCognitoRoleOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .caCertificateExpiringCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .caCertificateKeyQualityCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .conflictingClientIdsCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .deviceCertificateExpiringCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .deviceCertificateKeyQualityCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .deviceCertificateSharedCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .iotPolicyOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .iotRoleAliasAllowsAccessToUnusedServicesCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .iotRoleAliasOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .loggingDisabledCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .revokedCaCertificateStillActiveCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .revokedDeviceCertificateStillActiveCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .unauthenticatedCognitoRoleOverlyPermissiveCheck(AuditCheckConfigurationProperty.builder()
                 .enabled(false)
                 .build())
         .build();

Nested Class Summary

Nested Classes
Modifier and Type	Interface and Description
`static class`	`CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder` A builder for `CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty`
`static class`	`CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Jsii$Proxy` An implementation for `CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty`

Method Summary

All Methods Static Methods Instance Methods Default Methods
Modifier and Type	Method and Description
`static CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder`	`builder()`
`default Object`	`getAuthenticatedCognitoRoleOverlyPermissiveCheck()` Checks the permissiveness of an authenticated Amazon Cognito identity pool role.
`default Object`	`getCaCertificateExpiringCheck()` Checks if a CA certificate is expiring.
`default Object`	`getCaCertificateKeyQualityCheck()` Checks the quality of the CA certificate key.
`default Object`	`getConflictingClientIdsCheck()` Checks if multiple devices connect using the same client ID.
`default Object`	`getDeviceCertificateExpiringCheck()` Checks if a device certificate is expiring.
`default Object`	`getDeviceCertificateKeyQualityCheck()` Checks the quality of the device certificate key.
`default Object`	`getDeviceCertificateSharedCheck()` Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .
`default Object`	`getIotPolicyOverlyPermissiveCheck()` Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
`default Object`	`getIotRoleAliasAllowsAccessToUnusedServicesCheck()` Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
`default Object`	`getIotRoleAliasOverlyPermissiveCheck()` Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
`default Object`	`getLoggingDisabledCheck()` Checks if AWS IoT logs are disabled.
`default Object`	`getRevokedCaCertificateStillActiveCheck()` Checks if a revoked CA certificate is still active.
`default Object`	`getRevokedDeviceCertificateStillActiveCheck()` Checks if a revoked device certificate is still active.
`default Object`	`getUnauthenticatedCognitoRoleOverlyPermissiveCheck()` Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.

Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson

- Method Detail
  - getAuthenticatedCognitoRoleOverlyPermissiveCheck
```
@Stability(value=Stable)
 @Nullable
default Object getAuthenticatedCognitoRoleOverlyPermissiveCheck()
```
    Checks the permissiveness of an authenticated Amazon Cognito identity pool role.
    For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.
  - getCaCertificateExpiringCheck
```
@Stability(value=Stable)
 @Nullable
default Object getCaCertificateExpiringCheck()
```
    Checks if a CA certificate is expiring.
    This check applies to CA certificates expiring within 30 days or that have expired.
  - getCaCertificateKeyQualityCheck
```
@Stability(value=Stable)
 @Nullable
default Object getCaCertificateKeyQualityCheck()
```
    Checks the quality of the CA certificate key.
    The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER .
  - getConflictingClientIdsCheck
```
@Stability(value=Stable)
 @Nullable
default Object getConflictingClientIdsCheck()
```
    Checks if multiple devices connect using the same client ID.
  - getDeviceCertificateExpiringCheck
```
@Stability(value=Stable)
 @Nullable
default Object getDeviceCertificateExpiringCheck()
```
    Checks if a device certificate is expiring.
    This check applies to device certificates expiring within 30 days or that have expired.
  - getDeviceCertificateKeyQualityCheck
```
@Stability(value=Stable)
 @Nullable
default Object getDeviceCertificateKeyQualityCheck()
```
    Checks the quality of the device certificate key.
    The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.
  - getDeviceCertificateSharedCheck
```
@Stability(value=Stable)
 @Nullable
default Object getDeviceCertificateSharedCheck()
```
    Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .
  - getIotPolicyOverlyPermissiveCheck
```
@Stability(value=Stable)
 @Nullable
default Object getIotPolicyOverlyPermissiveCheck()
```
    Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
  - getIotRoleAliasAllowsAccessToUnusedServicesCheck
```
@Stability(value=Stable)
 @Nullable
default Object getIotRoleAliasAllowsAccessToUnusedServicesCheck()
```
    Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
  - getIotRoleAliasOverlyPermissiveCheck
```
@Stability(value=Stable)
 @Nullable
default Object getIotRoleAliasOverlyPermissiveCheck()
```
    Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
  - getLoggingDisabledCheck
```
@Stability(value=Stable)
 @Nullable
default Object getLoggingDisabledCheck()
```
    Checks if AWS IoT logs are disabled.
  - getRevokedCaCertificateStillActiveCheck
```
@Stability(value=Stable)
 @Nullable
default Object getRevokedCaCertificateStillActiveCheck()
```
    Checks if a revoked CA certificate is still active.
  - getRevokedDeviceCertificateStillActiveCheck
```
@Stability(value=Stable)
 @Nullable
default Object getRevokedDeviceCertificateStillActiveCheck()
```
    Checks if a revoked device certificate is still active.
  - getUnauthenticatedCognitoRoleOverlyPermissiveCheck
```
@Stability(value=Stable)
 @Nullable
default Object getUnauthenticatedCognitoRoleOverlyPermissiveCheck()
```
    Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.
  - builder
```
@Stability(value=Stable)
static CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder builder()
```
    Returns:
    
    a CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.Builder of CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Interface CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty

Nested Class Summary

Method Summary

Methods inherited from interface software.amazon.jsii.JsiiSerializable

Method Detail

getAuthenticatedCognitoRoleOverlyPermissiveCheck

getCaCertificateExpiringCheck

getCaCertificateKeyQualityCheck

getConflictingClientIdsCheck

getDeviceCertificateExpiringCheck

getDeviceCertificateKeyQualityCheck

getDeviceCertificateSharedCheck

getIotPolicyOverlyPermissiveCheck

getIotRoleAliasAllowsAccessToUnusedServicesCheck

getIotRoleAliasOverlyPermissiveCheck

getLoggingDisabledCheck

getRevokedCaCertificateStillActiveCheck

getRevokedDeviceCertificateStillActiveCheck

getUnauthenticatedCognitoRoleOverlyPermissiveCheck

builder