aws-cdk-lib

import * as cdk from "../../core"; import * as constructs from "constructs"; import * as cfn_parse from "../../core/lib/helpers-internal"; /** * Use the `AWS::IoT::AccountAuditConfiguration` resource to configure or reconfigure the Device Defender audit settings for your account. * * Settings include how audit notifications are sent and which audit checks are enabled or disabled. For API reference, see [UpdateAccountAuditConfiguration](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateAccountAuditConfiguration.html) and for detailed information on all available audit checks, see [Audit checks](https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit-checks.html) . * * @cloudformationResource AWS::IoT::AccountAuditConfiguration * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html */ export declare class CfnAccountAuditConfiguration extends cdk.CfnResource implements cdk.IInspectable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnAccountAuditConfiguration from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnAccountAuditConfiguration; /** * The ID of the account. */ accountId: string; /** * Specifies which audit checks are enabled and disabled for this account. */ auditCheckConfigurations: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty | cdk.IResolvable; /** * Information about the targets to which audit notifications are sent. */ auditNotificationTargetConfigurations?: CfnAccountAuditConfiguration.AuditNotificationTargetConfigurationsProperty | cdk.IResolvable; /** * The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit. */ roleArn: string; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnAccountAuditConfigurationProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } export declare namespace CfnAccountAuditConfiguration { /** * The types of audit checks that can be performed. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html */ interface AuditCheckConfigurationsProperty { /** * Checks the permissiveness of an authenticated Amazon Cognito identity pool role. * * For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-authenticatedcognitoroleoverlypermissivecheck */ readonly authenticatedCognitoRoleOverlyPermissiveCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if a CA certificate is expiring. * * This check applies to CA certificates expiring within 30 days or that have expired. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-cacertificateexpiringcheck */ readonly caCertificateExpiringCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks the quality of the CA certificate key. * * The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are `ACTIVE` or `PENDING_TRANSFER` . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-cacertificatekeyqualitycheck */ readonly caCertificateKeyQualityCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if multiple devices connect using the same client ID. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-conflictingclientidscheck */ readonly conflictingClientIdsCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks when a device certificate has been active for a number of days greater than or equal to the number you specify. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificateagecheck */ readonly deviceCertificateAgeCheck?: CfnAccountAuditConfiguration.DeviceCertAgeAuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if a device certificate is expiring. * * By default, this check applies to device certificates expiring within 30 days or that have expired. You can modify this threshold by configuring the DeviceCertExpirationAuditCheckConfiguration. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificateexpiringcheck */ readonly deviceCertificateExpiringCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks the quality of the device certificate key. * * The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificatekeyqualitycheck */ readonly deviceCertificateKeyQualityCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificatesharedcheck */ readonly deviceCertificateSharedCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if device certificates are still active despite being revoked by an intermediate CA. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-intermediatecarevokedforactivedevicecertificatescheck */ readonly intermediateCaRevokedForActiveDeviceCertificatesCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotpolicyoverlypermissivecheck */ readonly iotPolicyOverlyPermissiveCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if an AWS IoT policy is potentially misconfigured. * * Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources. This check is a warning for you to make sure that only intended actions are allowed before updating the policy. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotpolicypotentialmisconfigurationcheck */ readonly ioTPolicyPotentialMisConfigurationCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotrolealiasallowsaccesstounusedservicescheck */ readonly iotRoleAliasAllowsAccessToUnusedServicesCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotrolealiasoverlypermissivecheck */ readonly iotRoleAliasOverlyPermissiveCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if AWS IoT logs are disabled. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-loggingdisabledcheck */ readonly loggingDisabledCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if a revoked CA certificate is still active. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-revokedcacertificatestillactivecheck */ readonly revokedCaCertificateStillActiveCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if a revoked device certificate is still active. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-revokeddevicecertificatestillactivecheck */ readonly revokedDeviceCertificateStillActiveCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-unauthenticatedcognitoroleoverlypermissivecheck */ readonly unauthenticatedCognitoRoleOverlyPermissiveCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; } /** * Which audit checks are enabled and disabled for this account. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.html */ interface AuditCheckConfigurationProperty { /** * True if this audit check is enabled for this account. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.html#cfn-iot-accountauditconfiguration-auditcheckconfiguration-enabled */ readonly enabled?: boolean | cdk.IResolvable; } /** * Configuration for the device certificate age audit check. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-devicecertageauditcheckconfiguration.html */ interface DeviceCertAgeAuditCheckConfigurationProperty { /** * Configuration settings for the device certificate age check, including the threshold in days for certificate age. * * This configuration is of type `CertAgeCheckCustomConfiguration` . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-devicecertageauditcheckconfiguration.html#cfn-iot-accountauditconfiguration-devicecertageauditcheckconfiguration-configuration */ readonly configuration?: CfnAccountAuditConfiguration.CertAgeCheckCustomConfigurationProperty | cdk.IResolvable; /** * True if this audit check is enabled for this account. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-devicecertageauditcheckconfiguration.html#cfn-iot-accountauditconfiguration-devicecertageauditcheckconfiguration-enabled */ readonly enabled?: boolean | cdk.IResolvable; } /** * Configuration structure containing settings for the device certificate age check. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-certagecheckcustomconfiguration.html */ interface CertAgeCheckCustomConfigurationProperty { /** * The number of days that defines when a device certificate is considered to have aged. * * The check will report a finding if a certificate has been active for a number of days greater than or equal to this threshold value. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-certagecheckcustomconfiguration.html#cfn-iot-accountauditconfiguration-certagecheckcustomconfiguration-certagethresholdindays */ readonly certAgeThresholdInDays?: string; } /** * The configuration of the audit notification target. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtargetconfigurations.html */ interface AuditNotificationTargetConfigurationsProperty { /** * The `Sns` notification target. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtargetconfigurations.html#cfn-iot-accountauditconfiguration-auditnotificationtargetconfigurations-sns */ readonly sns?: CfnAccountAuditConfiguration.AuditNotificationTargetProperty | cdk.IResolvable; } /** * Information about the targets to which audit notifications are sent. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtarget.html */ interface AuditNotificationTargetProperty { /** * True if notifications to the target are enabled. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtarget.html#cfn-iot-accountauditconfiguration-auditnotificationtarget-enabled */ readonly enabled?: boolean | cdk.IResolvable; /** * The ARN of the role that grants permission to send notifications to the target. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtarget.html#cfn-iot-accountauditconfiguration-auditnotificationtarget-rolearn */ readonly roleArn?: string; /** * The ARN of the target (SNS topic) to which audit notifications are sent. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtarget.html#cfn-iot-accountauditconfiguration-auditnotificationtarget-targetarn */ readonly targetArn?: string; } } /** * Properties for defining a `CfnAccountAuditConfiguration` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html */ export interface CfnAccountAuditConfigurationProps { /** * The ID of the account. * * You can use the expression `!Sub "${AWS::AccountId}"` to use your account ID. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-accountid */ readonly accountId: string; /** * Specifies which audit checks are enabled and disabled for this account. * * Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the `Enabled:` key to `false` . * * If an enabled check is removed from the template, it will also be disabled. * * You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check. * * For more information on avialbe auidt checks see [AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html) * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations */ readonly auditCheckConfigurations: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty | cdk.IResolvable; /** * Information about the targets to which audit notifications are sent. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-auditnotificationtargetconfigurations */ readonly auditNotificationTargetConfigurations?: CfnAccountAuditConfiguration.AuditNotificationTargetConfigurationsProperty | cdk.IResolvable; /** * The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-rolearn */ readonly roleArn: string; } /** * Specifies an authorizer. * * @cloudformationResource AWS::IoT::Authorizer * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html */ export declare class CfnAuthorizer extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnAuthorizer from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnAuthorizer; /** * The Amazon Resource Name (ARN) of the authorizer. * * @cloudformationAttribute Arn */ readonly attrArn: string; /** * The authorizer's Lambda function ARN. */ authorizerFunctionArn: string; /** * The authorizer name. */ authorizerName?: string; /** * When `true` , the result from the authorizer's Lambda function is cached for clients that use persistent HTTP connections. */ enableCachingForHttp?: boolean | cdk.IResolvable; /** * Specifies whether AWS IoT validates the token signature in an authorization request. */ signingDisabled?: boolean | cdk.IResolvable; /** * The status of the authorizer. */ status?: string; /** * Tag Manager which manages the tags for this resource */ readonly tags: cdk.TagManager; /** * Metadata which can be used to manage the custom authorizer. */ tagsRaw?: Array<cdk.CfnTag>; /** * The key used to extract the token from the HTTP headers. */ tokenKeyName?: string; /** * The public keys used to validate the token signature returned by your custom authentication service. */ tokenSigningPublicKeys?: cdk.IResolvable | Record<string, string>; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnAuthorizerProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } /** * Properties for defining a `CfnAuthorizer` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html */ export interface CfnAuthorizerProps { /** * The authorizer's Lambda function ARN. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-authorizerfunctionarn */ readonly authorizerFunctionArn: string; /** * The authorizer name. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-authorizername */ readonly authorizerName?: string; /** * When `true` , the result from the authorizer's Lambda function is cached for clients that use persistent HTTP connections. * * The results are cached for the time specified by the Lambda function in `refreshAfterInSeconds` . This value doesn't affect authorization of clients that use MQTT connections. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-enablecachingforhttp */ readonly enableCachingForHttp?: boolean | cdk.IResolvable; /** * Specifies whether AWS IoT validates the token signature in an authorization request. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-signingdisabled */ readonly signingDisabled?: boolean | cdk.IResolvable; /** * The status of the authorizer. * * Valid values: `ACTIVE` | `INACTIVE` * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-status */ readonly status?: string; /** * Metadata which can be used to manage the custom authorizer. * * > For URI Request parameters use format: ...key1=value1&key2=value2... * > * > For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..." * > * > For the cli-input-json file use format: "tags": "key1=value1&key2=value2..." * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-tags */ readonly tags?: Array<cdk.CfnTag>; /** * The key used to extract the token from the HTTP headers. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-tokenkeyname */ readonly tokenKeyName?: string; /** * The public keys used to validate the token signature returned by your custom authentication service. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-tokensigningpublickeys */ readonly tokenSigningPublicKeys?: cdk.IResolvable | Record<string, string>; } /** * Creates a new billing group. * * Requires permission to access the [CreateBillingGroup](https://docs.aws.amazon.com//service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions) action. * * @cloudformationResource AWS::IoT::BillingGroup * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-billinggroup.html */ export declare class CfnBillingGroup extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnBillingGroup from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnBillingGroup; /** * The ARN of the billing group. * * @cloudformationAttribute Arn */ readonly attrArn: string; /** * The ID of the billing group. * * @cloudformationAttribute Id */ readonly attrId: string; /** * The name of the billing group. */ billingGroupName?: string; /** * The properties of the billing group. */ billingGroupProperties?: CfnBillingGroup.BillingGroupPropertiesProperty | cdk.IResolvable; /** * Tag Manager which manages the tags for this resource */ readonly tags: cdk.TagManager; /** * Metadata which can be used to manage the billing group. */ tagsRaw?: Array<cdk.CfnTag>; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props?: CfnBillingGroupProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } export declare namespace CfnBillingGroup { /** * The properties of a billing group. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-billinggroup-billinggroupproperties.html */ interface BillingGroupPropertiesProperty { /** * The description of the billing group. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-billinggroup-billinggroupproperties.html#cfn-iot-billinggroup-billinggroupproperties-billinggroupdescription */ readonly billingGroupDescription?: string; } } /** * Properties for defining a `CfnBillingGroup` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-billinggroup.html */ export interface CfnBillingGroupProps { /** * The name of the billing group. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-billinggroup.html#cfn-iot-billinggroup-billinggroupname */ readonly billingGroupName?: string; /** * The properties of the billing group. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-billinggroup.html#cfn-iot-billinggroup-billinggroupproperties */ readonly billingGroupProperties?: CfnBillingGroup.BillingGroupPropertiesProperty | cdk.IResolvable; /** * Metadata which can be used to manage the billing group. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-billinggroup.html#cfn-iot-billinggroup-tags */ readonly tags?: Array<cdk.CfnTag>; } /** * Specifies a CA certificate. * * @cloudformationResource AWS::IoT::CACertificate * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html */ export declare class CfnCACertificate extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnCACertificate from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnCACertificate; /** * Returns the Amazon Resource Name (ARN) for the CA certificate. For example: * * `{ "Fn::GetAtt": ["MyCACertificate", "Arn"] }` * * A value similar to the following is returned: * * `arn:aws:iot:us-east-1:123456789012:cacert/a6be6b84559801927e35a8f901fae08b5971d78d1562e29504ff9663b276a5f5` * * @cloudformationAttribute Arn */ readonly attrArn: string; /** * The CA certificate ID. * * @cloudformationAttribute Id */ readonly attrId: string; /** * Whether the CA certificate is configured for auto registration of device certificates. */ autoRegistrationStatus?: string; /** * The certificate data in PEM format. */ caCertificatePem: string; /** * The mode of the CA. */ certificateMode?: string; /** * Information about the registration configuration. */ registrationConfig?: cdk.IResolvable | CfnCACertificate.RegistrationConfigProperty; /** * If true, removes auto registration. */ removeAutoRegistration?: boolean | cdk.IResolvable; /** * The status of the CA certificate. */ status: string; /** * Tag Manager which manages the tags for this resource */ readonly tags: cdk.TagManager; /** * An array of key-value pairs to apply to this resource. */ tagsRaw?: Array<cdk.CfnTag>; /** * The private key verification certificate. */ verificationCertificatePem?: string; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnCACertificateProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } export declare namespace CfnCACertificate { /** * The registration configuration. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-cacertificate-registrationconfig.html */ interface RegistrationConfigProperty { /** * The ARN of the role. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-cacertificate-registrationconfig.html#cfn-iot-cacertificate-registrationconfig-rolearn */ readonly roleArn?: string; /** * The template body. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-cacertificate-registrationconfig.html#cfn-iot-cacertificate-registrationconfig-templatebody */ readonly templateBody?: string; /** * The name of the provisioning template. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-cacertificate-registrationconfig.html#cfn-iot-cacertificate-registrationconfig-templatename */ readonly templateName?: string; } } /** * Properties for defining a `CfnCACertificate` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html */ export interface CfnCACertificateProps { /** * Whether the CA certificate is configured for auto registration of device certificates. * * Valid values are "ENABLE" and "DISABLE". * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-autoregistrationstatus */ readonly autoRegistrationStatus?: string; /** * The certificate data in PEM format. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-cacertificatepem */ readonly caCertificatePem: string; /** * The mode of the CA. * * All the device certificates that are registered using this CA will be registered in the same mode as the CA. For more information about certificate mode for device certificates, see [certificate mode](https://docs.aws.amazon.com//iot/latest/apireference/API_CertificateDescription.html#iot-Type-CertificateDescription-certificateMode) . * * Valid values are "DEFAULT" and "SNI_ONLY". * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-certificatemode */ readonly certificateMode?: string; /** * Information about the registration configuration. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-registrationconfig */ readonly registrationConfig?: cdk.IResolvable | CfnCACertificate.RegistrationConfigProperty; /** * If true, removes auto registration. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-removeautoregistration */ readonly removeAutoRegistration?: boolean | cdk.IResolvable; /** * The status of the CA certificate. * * Valid values are "ACTIVE" and "INACTIVE". * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-status */ readonly status: string; /** * An array of key-value pairs to apply to this resource. * * For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-tags */ readonly tags?: Array<cdk.CfnTag>; /** * The private key verification certificate. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-verificationcertificatepem */ readonly verificationCertificatePem?: string; } /** * Use the `AWS::IoT::Certificate` resource to declare an AWS IoT X.509 certificate. For information about working with X.509 certificates, see [X.509 Client Certificates](https://docs.aws.amazon.com/iot/latest/developerguide/x509-client-certs.html) in the *AWS IoT Developer Guide* . * * @cloudformationResource AWS::IoT::Certificate * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html */ export declare class CfnCertificate extends cdk.CfnResource implements cdk.IInspectable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnCertificate from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnCertificate; /** * Returns the Amazon Resource Name (ARN) for the certificate. For example: * * `{ "Fn::GetAtt": ["MyCertificate", "Arn"] }` * * A value similar to the following is returned: * * `arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2` * * @cloudformationAttribute Arn */ readonly attrArn: string; /** * The certificate ID. * * @cloudformationAttribute Id */ readonly attrId: string; /** * The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY. */ caCertificatePem?: string; /** * Specifies which mode of certificate registration to use with this resource. */ certificateMode?: string; /** * The certificate data in PEM format. */ certificatePem?: string; /** * The certificate signing request (CSR). */ certificateSigningRequest?: string; /** * The status of the certificate. */ status: string; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnCertificateProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } /** * Properties for defining a `CfnCertificate` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html */ export interface CfnCertificateProps { /** * The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html#cfn-iot-certificate-cacertificatepem */ readonly caCertificatePem?: string; /** * Specifies which mode of certificate registration to use with this resource. * * Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI_ONLY with CertificatePem, and Default with CertificateSigningRequest. * * `DEFAULT` : A certificate in `DEFAULT` mode is either generated by AWS IoT Core or registered with an issuer certificate authority (CA). Devices with certificates in `DEFAULT` mode aren't required to send the Server Name Indication (SNI) extension when connecting to AWS IoT Core . However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to AWS IoT Core . * * `SNI_ONLY` : A certificate in `SNI_ONLY` mode is registered without an issuer CA. Devices with certificates in `SNI_ONLY` mode must send the SNI extension when connecting to AWS IoT Core . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html#cfn-iot-certificate-certificatemode */ readonly certificateMode?: string; /** * The certificate data in PEM format. * * Requires SNI_ONLY for the certificate mode or the accompanying CACertificatePem for registration. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html#cfn-iot-certificate-certificatepem */ readonly certificatePem?: string; /** * The certificate signing request (CSR). * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html#cfn-iot-certificate-certificatesigningrequest */ readonly certificateSigningRequest?: string; /** * The status of the certificate. * * Valid values are ACTIVE, INACTIVE, REVOKED, PENDING_TRANSFER, and PENDING_ACTIVATION. * * The status value REGISTER_INACTIVE is deprecated and should not be used. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html#cfn-iot-certificate-status */ readonly status: string; } /** * Use the `AWS::IoT::CustomMetric` resource to define a custom metric published by your devices to Device Defender. * * For API reference, see [CreateCustomMetric](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateCustomMetric.html) and for general information, see [Custom metrics](https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-custom-metrics.html) . * * @cloudformationResource AWS::IoT::CustomMetric * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-custommetric.html */ export declare class CfnCustomMetric extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnCustomMetric from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnCustomMetric; /** * The Amazon Resource Number (ARN) of the custom metric; for example, `arn: *aws-partition* :iot: *region* : *accountId* :custommetric/ *metricName*` . * * @cloudformationAttribute MetricArn */ readonly attrMetricArn: string; /** * The friendly name in the console for the custom metric. */ displayName?: string; /** * The name of the custom metric. */ metricName?: string; /** * The type of the custom metric. Types include `string-list` , `ip-address-list` , `number-list` , and `number` . */ metricType: string; /** * Tag Manager which manages the tags for this resource */ readonly tags: cdk.TagManager; /** * Metadata that can be used to manage the custom metric. */ tagsRaw?: Array<cdk.CfnTag>; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnCustomMetricProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } /** * Properties for defining a `CfnCustomMetric` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-custommetric.html */ export interface CfnCustomMetricProps { /** * The friendly name in the console for the custom metric. * * This name doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. You can update the friendly name after you define it. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-custommetric.html#cfn-iot-custommetric-displayname */ readonly displayName?: string; /** * The name of the custom metric. * * This will be used in the metric report submitted from the device/thing. The name can't begin with `aws:` . You can’t change the name after you define it. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-custommetric.html#cfn-iot-custommetric-metricname */ readonly metricName?: string; /** * The type of the custom metric. Types include `string-list` , `ip-address-list` , `number-list` , and `number` . * * > The type `number` only takes a single metric value as an input, but when you submit the metrics value in the DeviceMetrics report, you must pass it as an array with a single value. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-custommetric.html#cfn-iot-custommetric-metrictype */ readonly metricType: string; /** * Metadata that can be used to manage the custom metric. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-custommetric.html#cfn-iot-custommetric-tags */ readonly tags?: Array<cdk.CfnTag>; } /** * Use the `AWS::IoT::Dimension` to limit the scope of a metric used in a security profile for AWS IoT Device Defender . * * For example, using a `TOPIC_FILTER` dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. For API reference, see [CreateDimension](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateDimension.html) and for general information, see [Scoping metrics in security profiles using dimensions](https://docs.aws.amazon.com/iot/latest/developerguide/scoping-security-behavior.html) . * * @cloudformationResource AWS::IoT::Dimension * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-dimension.html */ export declare class CfnDimension extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnDimension from CloudFormation properties * * A factory method that creates a new in