{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--aws-iot-accountauditconfiguration.json", "title": "AWSIoTAccountAuditConfigurationProperties", "description": "Configures the Device Defender audit settings for this account. Settings include how audit notifications are sent and which audit checks are enabled or disabled.. Source:- ", "x-lintel": { "source": "https://raw.githubusercontent.com/lalcebo/json-schema/master/serverless/resources/cloudformation-modified/aws-iot-accountauditconfiguration.json", "sourceSha256": "4db684152eda6ffb0593b198743bf9946b9c10a64a4be72cdf6d44108bcee16f" }, "type": "object", "properties": { "AccountId": { "oneOf": [ { "type": "string", "minLength": 12, "maxLength": 12 }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "Your 12-digit account ID (used as the primary identifier for the CloudFormation resource)." }, "AuditCheckConfigurations": { "$ref": "#/$defs/AuditCheckConfigurations" }, "AuditNotificationTargetConfigurations": { "$ref": "#/$defs/AuditNotificationTargetConfigurations" }, "RoleArn": { "oneOf": [ { "type": "string", "minLength": 20, "maxLength": 2048 }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit." } }, "typeName": "AWS::IoT::AccountAuditConfiguration", "createOnlyProperties": [ "/properties/AccountId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-iot.git", "additionalProperties": false, "required": [ "AccountId", "AuditCheckConfigurations", "RoleArn" ], "$defs": { "AuditCheckConfigurations": { "description": "Specifies which audit checks are enabled and disabled for this account.", "type": "object", "properties": { "AuthenticatedCognitoRoleOverlyPermissiveCheck": { "$ref": "#/$defs/AuditCheckConfiguration" }, "CaCertificateExpiringCheck": { "$ref": "#/$defs/AuditCheckConfiguration" }, "CaCertificateKeyQualityCheck": { "$ref": "#/$defs/AuditCheckConfiguration" }, "ConflictingClientIdsCheck": { "$ref": "#/$defs/AuditCheckConfiguration" }, "DeviceCertificateExpiringCheck": { "$ref": "#/$defs/AuditCheckConfiguration" }, "DeviceCertificateKeyQualityCheck": { "$ref": "#/$defs/AuditCheckConfiguration" }, "DeviceCertificateSharedCheck": { "$ref": "#/$defs/AuditCheckConfiguration" }, "IotPolicyOverlyPermissiveCheck": { "$ref": "#/$defs/AuditCheckConfiguration" }, "IotRoleAliasAllowsAccessToUnusedServicesCheck": { "$ref": "#/$defs/AuditCheckConfiguration" }, "IotRoleAliasOverlyPermissiveCheck": { "$ref": "#/$defs/AuditCheckConfiguration" }, "LoggingDisabledCheck": { "$ref": "#/$defs/AuditCheckConfiguration" }, "RevokedCaCertificateStillActiveCheck": { "$ref": "#/$defs/AuditCheckConfiguration" }, "RevokedDeviceCertificateStillActiveCheck": { "$ref": "#/$defs/AuditCheckConfiguration" }, "UnauthenticatedCognitoRoleOverlyPermissiveCheck": { "$ref": "#/$defs/AuditCheckConfiguration" }, "IntermediateCaRevokedForActiveDeviceCertificatesCheck": { "$ref": "#/$defs/AuditCheckConfiguration" }, "IoTPolicyPotentialMisConfigurationCheck": { "$ref": "#/$defs/AuditCheckConfiguration" } }, "title": "AWSIoTAccountAuditConfigurationAuditCheckConfigurationsDefinition", "additionalProperties": false }, "AuditNotificationTargetConfigurations": { "description": "Information about the targets to which audit notifications are sent.", "type": "object", "properties": { "Sns": { "$ref": "#/$defs/AuditNotificationTarget" } }, "title": "AWSIoTAccountAuditConfigurationAuditNotificationTargetConfigurationsDefinition", "additionalProperties": false }, "AuditCheckConfiguration": { "description": "The configuration for a specific audit check.", "type": "object", "properties": { "Enabled": { "description": "True if the check is enabled.", "type": "boolean" } }, "title": "AWSIoTAccountAuditConfigurationAuditCheckConfigurationDefinition", "additionalProperties": false }, "AuditNotificationTarget": { "type": "object", "properties": { "TargetArn": { "oneOf": [ { "type": "string", "maxLength": 2048 }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "The ARN of the target (SNS topic) to which audit notifications are sent." }, "RoleArn": { "oneOf": [ { "type": "string", "minLength": 20, "maxLength": 2048 }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "The ARN of the role that grants permission to send notifications to the target." }, "Enabled": { "description": "True if notifications to the target are enabled.", "type": "boolean" } }, "title": "AWSIoTAccountAuditConfigurationAuditNotificationTargetDefinition", "additionalProperties": false } }, "primaryIdentifier": [ "/properties/AccountId" ] }