Docs Home
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
aws-native.iot.getAccountAuditConfiguration
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
Configures the Device Defender audit settings for this account. Settings include how audit notifications are sent and which audit checks are enabled or disabled.
Using getAccountAuditConfiguration
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAccountAuditConfiguration(args: GetAccountAuditConfigurationArgs, opts?: InvokeOptions): Promise<GetAccountAuditConfigurationResult>
function getAccountAuditConfigurationOutput(args: GetAccountAuditConfigurationOutputArgs, opts?: InvokeOptions): Output<GetAccountAuditConfigurationResult>def get_account_audit_configuration(account_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetAccountAuditConfigurationResult
def get_account_audit_configuration_output(account_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetAccountAuditConfigurationResult]func LookupAccountAuditConfiguration(ctx *Context, args *LookupAccountAuditConfigurationArgs, opts ...InvokeOption) (*LookupAccountAuditConfigurationResult, error)
func LookupAccountAuditConfigurationOutput(ctx *Context, args *LookupAccountAuditConfigurationOutputArgs, opts ...InvokeOption) LookupAccountAuditConfigurationResultOutput> Note: This function is named LookupAccountAuditConfiguration in the Go SDK.
public static class GetAccountAuditConfiguration
{
public static Task<GetAccountAuditConfigurationResult> InvokeAsync(GetAccountAuditConfigurationArgs args, InvokeOptions? opts = null)
public static Output<GetAccountAuditConfigurationResult> Invoke(GetAccountAuditConfigurationInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetAccountAuditConfigurationResult> getAccountAuditConfiguration(GetAccountAuditConfigurationArgs args, InvokeOptions options)
public static Output<GetAccountAuditConfigurationResult> getAccountAuditConfiguration(GetAccountAuditConfigurationArgs args, InvokeOptions options)
fn::invoke:
function: aws-native:iot:getAccountAuditConfiguration
arguments:
# arguments dictionaryThe following arguments are supported:
- Account
Id This property is required. string - Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
- Account
Id This property is required. string - Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
- account
Id This property is required. String - Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
- account
Id This property is required. string - Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
- account_
id This property is required. str - Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
- account
Id This property is required. String - Your 12-digit account ID (used as the primary identifier for the CloudFormation resource).
getAccountAuditConfiguration Result
The following output properties are available:
- Audit
Check Pulumi.Configurations Aws Native. Io T. Outputs. Account Audit Configuration Audit Check Configurations Specifies which audit checks are enabled and disabled for this account.
Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the
Enabled:key tofalse.If an enabled check is removed from the template, it will also be disabled.
You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.
For more information on avialbe auidt checks see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations
- Audit
Notification Pulumi.Target Configurations Aws Native. Io T. Outputs. Account Audit Configuration Audit Notification Target Configurations - Information about the targets to which audit notifications are sent.
- Role
Arn string - The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
- Audit
Check AccountConfigurations Audit Configuration Audit Check Configurations Specifies which audit checks are enabled and disabled for this account.
Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the
Enabled:key tofalse.If an enabled check is removed from the template, it will also be disabled.
You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.
For more information on avialbe auidt checks see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations
- Audit
Notification AccountTarget Configurations Audit Configuration Audit Notification Target Configurations - Information about the targets to which audit notifications are sent.
- Role
Arn string - The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
- audit
Check AccountConfigurations Audit Configuration Audit Check Configurations Specifies which audit checks are enabled and disabled for this account.
Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the
Enabled:key tofalse.If an enabled check is removed from the template, it will also be disabled.
You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.
For more information on avialbe auidt checks see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations
- audit
Notification AccountTarget Configurations Audit Configuration Audit Notification Target Configurations - Information about the targets to which audit notifications are sent.
- role
Arn String - The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
- audit
Check AccountConfigurations Audit Configuration Audit Check Configurations Specifies which audit checks are enabled and disabled for this account.
Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the
Enabled:key tofalse.If an enabled check is removed from the template, it will also be disabled.
You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.
For more information on avialbe auidt checks see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations
- audit
Notification AccountTarget Configurations Audit Configuration Audit Notification Target Configurations - Information about the targets to which audit notifications are sent.
- role
Arn string - The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
- audit_
check_ Accountconfigurations Audit Configuration Audit Check Configurations Specifies which audit checks are enabled and disabled for this account.
Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the
Enabled:key tofalse.If an enabled check is removed from the template, it will also be disabled.
You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.
For more information on avialbe auidt checks see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations
- audit_
notification_ Accounttarget_ configurations Audit Configuration Audit Notification Target Configurations - Information about the targets to which audit notifications are sent.
- role_
arn str - The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
- audit
Check Property MapConfigurations Specifies which audit checks are enabled and disabled for this account.
Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the
Enabled:key tofalse.If an enabled check is removed from the template, it will also be disabled.
You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.
For more information on avialbe auidt checks see AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations
- audit
Notification Property MapTarget Configurations - Information about the targets to which audit notifications are sent.
- role
Arn String - The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit.
Supporting Types
AccountAuditConfigurationAuditCheckConfiguration
- Enabled bool
- True if the check is enabled.
- Enabled bool
- True if the check is enabled.
- enabled Boolean
- True if the check is enabled.
- enabled boolean
- True if the check is enabled.
- enabled bool
- True if the check is enabled.
- enabled Boolean
- True if the check is enabled.
AccountAuditConfigurationAuditCheckConfigurations
- Authenticated
Cognito Pulumi.Role Overly Permissive Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.
- Ca
Certificate Pulumi.Expiring Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired.
- Ca
Certificate Pulumi.Key Quality Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are
ACTIVEorPENDING_TRANSFER. - Conflicting
Client Pulumi.Ids Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Checks if multiple devices connect using the same client ID.
- Device
Certificate Pulumi.Age Check Aws Native. Io T. Inputs. Account Audit Configuration Device Cert Age Audit Check Configuration - Checks when a device certificate has been active for a number of days greater than or equal to the number you specify.
- Device
Certificate Pulumi.Expiring Check Aws Native. Io T. Inputs. Account Audit Configuration Device Cert Expiration Audit Check Configuration - Checks if a device certificate is expiring. By default, this check applies to device certificates expiring within 30 days or that have expired. You can modify this threshold by configuring the DeviceCertExpirationAuditCheckConfiguration.
- Device
Certificate Pulumi.Key Quality Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.
-
Pulumi.
Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .
- Intermediate
Ca Pulumi.Revoked For Active Device Certificates Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Checks if device certificates are still active despite being revoked by an intermediate CA.
- Io
TPolicy Pulumi.Potential Mis Configuration Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Checks if an AWS IoT policy is potentially misconfigured. Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.
- Iot
Policy Pulumi.Overly Permissive Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
- Iot
Role Pulumi.Alias Allows Access To Unused Services Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
- Iot
Role Pulumi.Alias Overly Permissive Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
- Logging
Disabled Pulumi.Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Checks if AWS IoT logs are disabled.
- Revoked
Ca Pulumi.Certificate Still Active Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Checks if a revoked CA certificate is still active.
- Revoked
Device Pulumi.Certificate Still Active Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Checks if a revoked device certificate is still active.
- Unauthenticated
Cognito Pulumi.Role Overly Permissive Check Aws Native. Io T. Inputs. Account Audit Configuration Audit Check Configuration - Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.
- Authenticated
Cognito AccountRole Overly Permissive Check Audit Configuration Audit Check Configuration - Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.
- Ca
Certificate AccountExpiring Check Audit Configuration Audit Check Configuration - Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired.
- Ca
Certificate AccountKey Quality Check Audit Configuration Audit Check Configuration - Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are
ACTIVEorPENDING_TRANSFER. - Conflicting
Client AccountIds Check Audit Configuration Audit Check Configuration - Checks if multiple devices connect using the same client ID.
- Device
Certificate AccountAge Check Audit Configuration Device Cert Age Audit Check Configuration - Checks when a device certificate has been active for a number of days greater than or equal to the number you specify.
- Device
Certificate AccountExpiring Check Audit Configuration Device Cert Expiration Audit Check Configuration - Checks if a device certificate is expiring. By default, this check applies to device certificates expiring within 30 days or that have expired. You can modify this threshold by configuring the DeviceCertExpirationAuditCheckConfiguration.
- Device
Certificate AccountKey Quality Check Audit Configuration Audit Check Configuration - Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.
-
Account
Audit Configuration Audit Check Configuration - Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .
- Intermediate
Ca AccountRevoked For Active Device Certificates Check Audit Configuration Audit Check Configuration - Checks if device certificates are still active despite being revoked by an intermediate CA.
- Io
TPolicy AccountPotential Mis Configuration Check Audit Configuration Audit Check Configuration - Checks if an AWS IoT policy is potentially misconfigured. Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.
- Iot
Policy AccountOverly Permissive Check Audit Configuration Audit Check Configuration - Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
- Iot
Role AccountAlias Allows Access To Unused Services Check Audit Configuration Audit Check Configuration - Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
- Iot
Role AccountAlias Overly Permissive Check Audit Configuration Audit Check Configuration - Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
- Logging
Disabled AccountCheck Audit Configuration Audit Check Configuration - Checks if AWS IoT logs are disabled.
- Revoked
Ca AccountCertificate Still Active Check Audit Configuration Audit Check Configuration - Checks if a revoked CA certificate is still active.
- Revoked
Device AccountCertificate Still Active Check Audit Configuration Audit Check Configuration - Checks if a revoked device certificate is still active.
- Unauthenticated
Cognito AccountRole Overly Permissive Check Audit Configuration Audit Check Configuration - Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.
- authenticated
Cognito AccountRole Overly Permissive Check Audit Configuration Audit Check Configuration - Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.
- ca
Certificate AccountExpiring Check Audit Configuration Audit Check Configuration - Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired.
- ca
Certificate AccountKey Quality Check Audit Configuration Audit Check Configuration - Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are
ACTIVEorPENDING_TRANSFER. - conflicting
Client AccountIds Check Audit Configuration Audit Check Configuration - Checks if multiple devices connect using the same client ID.
- device
Certificate AccountAge Check Audit Configuration Device Cert Age Audit Check Configuration - Checks when a device certificate has been active for a number of days greater than or equal to the number you specify.
- device
Certificate AccountExpiring Check Audit Configuration Device Cert Expiration Audit Check Configuration - Checks if a device certificate is expiring. By default, this check applies to device certificates expiring within 30 days or that have expired. You can modify this threshold by configuring the DeviceCertExpirationAuditCheckConfiguration.
- device
Certificate AccountKey Quality Check Audit Configuration Audit Check Configuration - Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.
-
Account
Audit Configuration Audit Check Configuration - Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .
- intermediate
Ca AccountRevoked For Active Device Certificates Check Audit Configuration Audit Check Configuration - Checks if device certificates are still active despite being revoked by an intermediate CA.
- io
TPolicy AccountPotential Mis Configuration Check Audit Configuration Audit Check Configuration - Checks if an AWS IoT policy is potentially misconfigured. Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.
- iot
Policy AccountOverly Permissive Check Audit Configuration Audit Check Configuration - Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
- iot
Role AccountAlias Allows Access To Unused Services Check Audit Configuration Audit Check Configuration - Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
- iot
Role AccountAlias Overly Permissive Check Audit Configuration Audit Check Configuration - Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
- logging
Disabled AccountCheck Audit Configuration Audit Check Configuration - Checks if AWS IoT logs are disabled.
- revoked
Ca AccountCertificate Still Active Check Audit Configuration Audit Check Configuration - Checks if a revoked CA certificate is still active.
- revoked
Device AccountCertificate Still Active Check Audit Configuration Audit Check Configuration - Checks if a revoked device certificate is still active.
- unauthenticated
Cognito AccountRole Overly Permissive Check Audit Configuration Audit Check Configuration - Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.
- authenticated
Cognito AccountRole Overly Permissive Check Audit Configuration Audit Check Configuration - Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.
- ca
Certificate AccountExpiring Check Audit Configuration Audit Check Configuration - Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired.
- ca
Certificate AccountKey Quality Check Audit Configuration Audit Check Configuration - Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are
ACTIVEorPENDING_TRANSFER. - conflicting
Client AccountIds Check Audit Configuration Audit Check Configuration - Checks if multiple devices connect using the same client ID.
- device
Certificate AccountAge Check Audit Configuration Device Cert Age Audit Check Configuration - Checks when a device certificate has been active for a number of days greater than or equal to the number you specify.
- device
Certificate AccountExpiring Check Audit Configuration Device Cert Expiration Audit Check Configuration - Checks if a device certificate is expiring. By default, this check applies to device certificates expiring within 30 days or that have expired. You can modify this threshold by configuring the DeviceCertExpirationAuditCheckConfiguration.
- device
Certificate AccountKey Quality Check Audit Configuration Audit Check Configuration - Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.
-
Account
Audit Configuration Audit Check Configuration - Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .
- intermediate
Ca AccountRevoked For Active Device Certificates Check Audit Configuration Audit Check Configuration - Checks if device certificates are still active despite being revoked by an intermediate CA.
- io
TPolicy AccountPotential Mis Configuration Check Audit Configuration Audit Check Configuration - Checks if an AWS IoT policy is potentially misconfigured. Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.
- iot
Policy AccountOverly Permissive Check Audit Configuration Audit Check Configuration - Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
- iot
Role AccountAlias Allows Access To Unused Services Check Audit Configuration Audit Check Configuration - Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
- iot
Role AccountAlias Overly Permissive Check Audit Configuration Audit Check Configuration - Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
- logging
Disabled AccountCheck Audit Configuration Audit Check Configuration - Checks if AWS IoT logs are disabled.
- revoked
Ca AccountCertificate Still Active Check Audit Configuration Audit Check Configuration - Checks if a revoked CA certificate is still active.
- revoked
Device AccountCertificate Still Active Check Audit Configuration Audit Check Configuration - Checks if a revoked device certificate is still active.
- unauthenticated
Cognito AccountRole Overly Permissive Check Audit Configuration Audit Check Configuration - Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.
- authenticated_
cognito_ Accountrole_ overly_ permissive_ check Audit Configuration Audit Check Configuration - Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.
- ca_
certificate_ Accountexpiring_ check Audit Configuration Audit Check Configuration - Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired.
- ca_
certificate_ Accountkey_ quality_ check Audit Configuration Audit Check Configuration - Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are
ACTIVEorPENDING_TRANSFER. - conflicting_
client_ Accountids_ check Audit Configuration Audit Check Configuration - Checks if multiple devices connect using the same client ID.
- device_
certificate_ Accountage_ check Audit Configuration Device Cert Age Audit Check Configuration - Checks when a device certificate has been active for a number of days greater than or equal to the number you specify.
- device_
certificate_ Accountexpiring_ check Audit Configuration Device Cert Expiration Audit Check Configuration - Checks if a device certificate is expiring. By default, this check applies to device certificates expiring within 30 days or that have expired. You can modify this threshold by configuring the DeviceCertExpirationAuditCheckConfiguration.
- device_
certificate_ Accountkey_ quality_ check Audit Configuration Audit Check Configuration - Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.
-
Account
Audit Configuration Audit Check Configuration - Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .
- intermediate_
ca_ Accountrevoked_ for_ active_ device_ certificates_ check Audit Configuration Audit Check Configuration - Checks if device certificates are still active despite being revoked by an intermediate CA.
- io_
t_ Accountpolicy_ potential_ mis_ configuration_ check Audit Configuration Audit Check Configuration - Checks if an AWS IoT policy is potentially misconfigured. Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.
- iot_
policy_ Accountoverly_ permissive_ check Audit Configuration Audit Check Configuration - Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
- iot_
role_ Accountalias_ allows_ access_ to_ unused_ services_ check Audit Configuration Audit Check Configuration - Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
- iot_
role_ Accountalias_ overly_ permissive_ check Audit Configuration Audit Check Configuration - Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
- logging_
disabled_ Accountcheck Audit Configuration Audit Check Configuration - Checks if AWS IoT logs are disabled.
- revoked_
ca_ Accountcertificate_ still_ active_ check Audit Configuration Audit Check Configuration - Checks if a revoked CA certificate is still active.
- revoked_
device_ Accountcertificate_ still_ active_ check Audit Configuration Audit Check Configuration - Checks if a revoked device certificate is still active.
- unauthenticated_
cognito_ Accountrole_ overly_ permissive_ check Audit Configuration Audit Check Configuration - Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.
- authenticated
Cognito Property MapRole Overly Permissive Check - Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed.
- ca
Certificate Property MapExpiring Check - Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired.
- ca
Certificate Property MapKey Quality Check - Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are
ACTIVEorPENDING_TRANSFER. - conflicting
Client Property MapIds Check - Checks if multiple devices connect using the same client ID.
- device
Certificate Property MapAge Check - Checks when a device certificate has been active for a number of days greater than or equal to the number you specify.
- device
Certificate Property MapExpiring Check - Checks if a device certificate is expiring. By default, this check applies to device certificates expiring within 30 days or that have expired. You can modify this threshold by configuring the DeviceCertExpirationAuditCheckConfiguration.
- device
Certificate Property MapKey Quality Check - Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size.
- Property Map
- Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT .
- intermediate
Ca Property MapRevoked For Active Device Certificates Check - Checks if device certificates are still active despite being revoked by an intermediate CA.
- io
TPolicy Property MapPotential Mis Configuration Check - Checks if an AWS IoT policy is potentially misconfigured. Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy.
- iot
Policy Property MapOverly Permissive Check - Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
- iot
Role Property MapAlias Allows Access To Unused Services Check - Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
- iot
Role Property MapAlias Overly Permissive Check - Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
- logging
Disabled Property MapCheck - Checks if AWS IoT logs are disabled.
- revoked
Ca Property MapCertificate Still Active Check - Checks if a revoked CA certificate is still active.
- revoked
Device Property MapCertificate Still Active Check - Checks if a revoked device certificate is still active.
- unauthenticated
Cognito Property MapRole Overly Permissive Check - Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.
AccountAuditConfigurationAuditNotificationTarget
- enabled bool
- True if notifications to the target are enabled.
- role_
arn str - The ARN of the role that grants permission to send notifications to the target.
- target_
arn str - The ARN of the target (SNS topic) to which audit notifications are sent.
AccountAuditConfigurationAuditNotificationTargetConfigurations
- Sns
Pulumi.
Aws Native. Io T. Inputs. Account Audit Configuration Audit Notification Target - The
Snsnotification target.
- Sns
Account
Audit Configuration Audit Notification Target - The
Snsnotification target.
- sns
Account
Audit Configuration Audit Notification Target - The
Snsnotification target.
- sns
Account
Audit Configuration Audit Notification Target - The
Snsnotification target.
- sns
Account
Audit Configuration Audit Notification Target - The
Snsnotification target.
- sns Property Map
- The
Snsnotification target.
AccountAuditConfigurationCertAgeCheckCustomConfiguration
- Cert
Age stringThreshold In Days - The number of days that defines when a device certificate is considered to have aged. The check will report a finding if a certificate has been active for a number of days greater than or equal to this threshold value.
- Cert
Age stringThreshold In Days - The number of days that defines when a device certificate is considered to have aged. The check will report a finding if a certificate has been active for a number of days greater than or equal to this threshold value.
- cert
Age StringThreshold In Days - The number of days that defines when a device certificate is considered to have aged. The check will report a finding if a certificate has been active for a number of days greater than or equal to this threshold value.
- cert
Age stringThreshold In Days - The number of days that defines when a device certificate is considered to have aged. The check will report a finding if a certificate has been active for a number of days greater than or equal to this threshold value.
- cert_
age_ strthreshold_ in_ days - The number of days that defines when a device certificate is considered to have aged. The check will report a finding if a certificate has been active for a number of days greater than or equal to this threshold value.
- cert
Age StringThreshold In Days - The number of days that defines when a device certificate is considered to have aged. The check will report a finding if a certificate has been active for a number of days greater than or equal to this threshold value.
AccountAuditConfigurationCertExpirationCheckCustomConfiguration
- Cert
Expiration stringThreshold In Days - The number of days before expiration that defines when a device certificate is considered to be approaching expiration. The check will report a finding if a certificate will expire within this number of days.
- Cert
Expiration stringThreshold In Days - The number of days before expiration that defines when a device certificate is considered to be approaching expiration. The check will report a finding if a certificate will expire within this number of days.
- cert
Expiration StringThreshold In Days - The number of days before expiration that defines when a device certificate is considered to be approaching expiration. The check will report a finding if a certificate will expire within this number of days.
- cert
Expiration stringThreshold In Days - The number of days before expiration that defines when a device certificate is considered to be approaching expiration. The check will report a finding if a certificate will expire within this number of days.
- cert_
expiration_ strthreshold_ in_ days - The number of days before expiration that defines when a device certificate is considered to be approaching expiration. The check will report a finding if a certificate will expire within this number of days.
- cert
Expiration StringThreshold In Days - The number of days before expiration that defines when a device certificate is considered to be approaching expiration. The check will report a finding if a certificate will expire within this number of days.
AccountAuditConfigurationDeviceCertAgeAuditCheckConfiguration
- Configuration
Pulumi.
Aws Native. Io T. Inputs. Account Audit Configuration Cert Age Check Custom Configuration - Configuration settings for the device certificate age check, including the threshold in days for certificate age. This configuration is of type
CertAgeCheckCustomConfiguration. - Enabled bool
- True if the check is enabled.
- Configuration
Account
Audit Configuration Cert Age Check Custom Configuration - Configuration settings for the device certificate age check, including the threshold in days for certificate age. This configuration is of type
CertAgeCheckCustomConfiguration. - Enabled bool
- True if the check is enabled.
- configuration
Account
Audit Configuration Cert Age Check Custom Configuration - Configuration settings for the device certificate age check, including the threshold in days for certificate age. This configuration is of type
CertAgeCheckCustomConfiguration. - enabled Boolean
- True if the check is enabled.
- configuration
Account
Audit Configuration Cert Age Check Custom Configuration - Configuration settings for the device certificate age check, including the threshold in days for certificate age. This configuration is of type
CertAgeCheckCustomConfiguration. - enabled boolean
- True if the check is enabled.
- configuration
Account
Audit Configuration Cert Age Check Custom Configuration - Configuration settings for the device certificate age check, including the threshold in days for certificate age. This configuration is of type
CertAgeCheckCustomConfiguration. - enabled bool
- True if the check is enabled.
- configuration Property Map
- Configuration settings for the device certificate age check, including the threshold in days for certificate age. This configuration is of type
CertAgeCheckCustomConfiguration. - enabled Boolean
- True if the check is enabled.
AccountAuditConfigurationDeviceCertExpirationAuditCheckConfiguration
- Configuration
Pulumi.
Aws Native. Io T. Inputs. Account Audit Configuration Cert Expiration Check Custom Configuration - Configuration settings for the device certificate expiration check, including the threshold in days before expiration. This configuration is of type
CertExpirationCheckCustomConfiguration - Enabled bool
- True if the check is enabled.
- Configuration
Account
Audit Configuration Cert Expiration Check Custom Configuration - Configuration settings for the device certificate expiration check, including the threshold in days before expiration. This configuration is of type
CertExpirationCheckCustomConfiguration - Enabled bool
- True if the check is enabled.
- configuration
Account
Audit Configuration Cert Expiration Check Custom Configuration - Configuration settings for the device certificate expiration check, including the threshold in days before expiration. This configuration is of type
CertExpirationCheckCustomConfiguration - enabled Boolean
- True if the check is enabled.
- configuration
Account
Audit Configuration Cert Expiration Check Custom Configuration - Configuration settings for the device certificate expiration check, including the threshold in days before expiration. This configuration is of type
CertExpirationCheckCustomConfiguration - enabled boolean
- True if the check is enabled.
- configuration
Account
Audit Configuration Cert Expiration Check Custom Configuration - Configuration settings for the device certificate expiration check, including the threshold in days before expiration. This configuration is of type
CertExpirationCheckCustomConfiguration - enabled bool
- True if the check is enabled.
- configuration Property Map
- Configuration settings for the device certificate expiration check, including the threshold in days before expiration. This configuration is of type
CertExpirationCheckCustomConfiguration - enabled Boolean
- True if the check is enabled.
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi