aws-cdk-lib

import * as constructs from 'constructs'; import * as cdk from '../../core'; import * as cfn_parse from '../../core/lib/helpers-internal'; /** * Properties for defining a `CfnAccountAuditConfiguration` * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html */ export interface CfnAccountAuditConfigurationProps { /** * The ID of the account. You can use the expression `!Sub "${AWS::AccountId}"` to use your account ID. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-accountid */ readonly accountId: string; /** * Specifies which audit checks are enabled and disabled for this account. * * Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the `Enabled:` key to `false` . * * If an enabled check is removed from the template, it will also be disabled. * * You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check. * * For more information on avialbe auidt checks see [AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html) * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations */ readonly auditCheckConfigurations: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty | cdk.IResolvable; /** * The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-rolearn */ readonly roleArn: string; /** * Information about the targets to which audit notifications are sent. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-auditnotificationtargetconfigurations */ readonly auditNotificationTargetConfigurations?: CfnAccountAuditConfiguration.AuditNotificationTargetConfigurationsProperty | cdk.IResolvable; } /** * A CloudFormation `AWS::IoT::AccountAuditConfiguration` * * Use the `AWS::IoT::AccountAuditConfiguration` resource to configure or reconfigure the Device Defender audit settings for your account. Settings include how audit notifications are sent and which audit checks are enabled or disabled. For API reference, see [UpdateAccountAuditConfiguration](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateAccountAuditConfiguration.html) and for detailed information on all available audit checks, see [Audit checks](https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit-checks.html) . * * @cloudformationResource AWS::IoT::AccountAuditConfiguration * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html */ export declare class CfnAccountAuditConfiguration extends cdk.CfnResource implements cdk.IInspectable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IoT::AccountAuditConfiguration"; /** * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnAccountAuditConfiguration; /** * The ID of the account. You can use the expression `!Sub "${AWS::AccountId}"` to use your account ID. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-accountid */ accountId: string; /** * Specifies which audit checks are enabled and disabled for this account. * * Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the `Enabled:` key to `false` . * * If an enabled check is removed from the template, it will also be disabled. * * You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check. * * For more information on avialbe auidt checks see [AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html) * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations */ auditCheckConfigurations: CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty | cdk.IResolvable; /** * The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-rolearn */ roleArn: string; /** * Information about the targets to which audit notifications are sent. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-auditnotificationtargetconfigurations */ auditNotificationTargetConfigurations: CfnAccountAuditConfiguration.AuditNotificationTargetConfigurationsProperty | cdk.IResolvable | undefined; /** * Create a new `AWS::IoT::AccountAuditConfiguration`. * * @param scope - scope in which this resource is defined * @param id - scoped id of the resource * @param props - resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnAccountAuditConfigurationProps); /** * Examines the CloudFormation resource and discloses attributes. * * @param inspector - tree inspector to collect and process attributes * */ inspect(inspector: cdk.TreeInspector): void; protected get cfnProperties(): { [key: string]: any; }; protected renderProperties(props: { [key: string]: any; }): { [key: string]: any; }; } export declare namespace CfnAccountAuditConfiguration { /** * Which audit checks are enabled and disabled for this account. * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.html */ interface AuditCheckConfigurationProperty { /** * True if this audit check is enabled for this account. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.html#cfn-iot-accountauditconfiguration-auditcheckconfiguration-enabled */ readonly enabled?: boolean | cdk.IResolvable; } } export declare namespace CfnAccountAuditConfiguration { /** * The types of audit checks that can be performed. * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html */ interface AuditCheckConfigurationsProperty { /** * Checks the permissiveness of an authenticated Amazon Cognito identity pool role. For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker during the 31 days before the audit is performed. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-authenticatedcognitoroleoverlypermissivecheck */ readonly authenticatedCognitoRoleOverlyPermissiveCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if a CA certificate is expiring. This check applies to CA certificates expiring within 30 days or that have expired. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-cacertificateexpiringcheck */ readonly caCertificateExpiringCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks the quality of the CA certificate key. The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size. This check applies to CA certificates that are `ACTIVE` or `PENDING_TRANSFER` . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-cacertificatekeyqualitycheck */ readonly caCertificateKeyQualityCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if multiple devices connect using the same client ID. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-conflictingclientidscheck */ readonly conflictingClientIdsCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if a device certificate is expiring. This check applies to device certificates expiring within 30 days or that have expired. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificateexpiringcheck */ readonly deviceCertificateExpiringCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks the quality of the device certificate key. The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority, and if the key meets a minimum required size. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificatekeyqualitycheck */ readonly deviceCertificateKeyQualityCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-devicecertificatesharedcheck */ readonly deviceCertificateSharedCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * `CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.IntermediateCaRevokedForActiveDeviceCertificatesCheck` * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-intermediatecarevokedforactivedevicecertificatescheck */ readonly intermediateCaRevokedForActiveDeviceCertificatesCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * `CfnAccountAuditConfiguration.AuditCheckConfigurationsProperty.IoTPolicyPotentialMisConfigurationCheck` * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotpolicypotentialmisconfigurationcheck */ readonly ioTPolicyPotentialMisConfigurationCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotpolicyoverlypermissivecheck */ readonly iotPolicyOverlyPermissiveCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotrolealiasallowsaccesstounusedservicescheck */ readonly iotRoleAliasAllowsAccessToUnusedServicesCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-iotrolealiasoverlypermissivecheck */ readonly iotRoleAliasOverlyPermissiveCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if AWS IoT logs are disabled. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-loggingdisabledcheck */ readonly loggingDisabledCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if a revoked CA certificate is still active. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-revokedcacertificatestillactivecheck */ readonly revokedCaCertificateStillActiveCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if a revoked device certificate is still active. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-revokeddevicecertificatestillactivecheck */ readonly revokedDeviceCertificateStillActiveCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; /** * Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations-unauthenticatedcognitoroleoverlypermissivecheck */ readonly unauthenticatedCognitoRoleOverlyPermissiveCheck?: CfnAccountAuditConfiguration.AuditCheckConfigurationProperty | cdk.IResolvable; } } export declare namespace CfnAccountAuditConfiguration { /** * Information about the targets to which audit notifications are sent. * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtarget.html */ interface AuditNotificationTargetProperty { /** * True if notifications to the target are enabled. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtarget.html#cfn-iot-accountauditconfiguration-auditnotificationtarget-enabled */ readonly enabled?: boolean | cdk.IResolvable; /** * The ARN of the role that grants permission to send notifications to the target. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtarget.html#cfn-iot-accountauditconfiguration-auditnotificationtarget-rolearn */ readonly roleArn?: string; /** * The ARN of the target (SNS topic) to which audit notifications are sent. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtarget.html#cfn-iot-accountauditconfiguration-auditnotificationtarget-targetarn */ readonly targetArn?: string; } } export declare namespace CfnAccountAuditConfiguration { /** * The configuration of the audit notification target. * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtargetconfigurations.html */ interface AuditNotificationTargetConfigurationsProperty { /** * The `Sns` notification target. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditnotificationtargetconfigurations.html#cfn-iot-accountauditconfiguration-auditnotificationtargetconfigurations-sns */ readonly sns?: CfnAccountAuditConfiguration.AuditNotificationTargetProperty | cdk.IResolvable; } } /** * Properties for defining a `CfnAuthorizer` * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html */ export interface CfnAuthorizerProps { /** * The authorizer's Lambda function ARN. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-authorizerfunctionarn */ readonly authorizerFunctionArn: string; /** * The authorizer name. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-authorizername */ readonly authorizerName?: string; /** * `AWS::IoT::Authorizer.EnableCachingForHttp` * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-enablecachingforhttp */ readonly enableCachingForHttp?: boolean | cdk.IResolvable; /** * Specifies whether AWS IoT validates the token signature in an authorization request. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-signingdisabled */ readonly signingDisabled?: boolean | cdk.IResolvable; /** * The status of the authorizer. * * Valid values: `ACTIVE` | `INACTIVE` * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-status */ readonly status?: string; /** * Metadata which can be used to manage the custom authorizer. * * > For URI Request parameters use format: ...key1=value1&key2=value2... * > * > For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..." * > * > For the cli-input-json file use format: "tags": "key1=value1&key2=value2..." * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-tags */ readonly tags?: cdk.CfnTag[]; /** * The key used to extract the token from the HTTP headers. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-tokenkeyname */ readonly tokenKeyName?: string; /** * The public keys used to validate the token signature returned by your custom authentication service. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-tokensigningpublickeys */ readonly tokenSigningPublicKeys?: { [key: string]: (string); } | cdk.IResolvable; } /** * A CloudFormation `AWS::IoT::Authorizer` * * Specifies an authorizer. * * @cloudformationResource AWS::IoT::Authorizer * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html */ export declare class CfnAuthorizer extends cdk.CfnResource implements cdk.IInspectable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IoT::Authorizer"; /** * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnAuthorizer; /** * The Amazon Resource Name (ARN) of the authorizer. * @cloudformationAttribute Arn */ readonly attrArn: string; /** * The authorizer's Lambda function ARN. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-authorizerfunctionarn */ authorizerFunctionArn: string; /** * The authorizer name. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-authorizername */ authorizerName: string | undefined; /** * `AWS::IoT::Authorizer.EnableCachingForHttp` * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-enablecachingforhttp */ enableCachingForHttp: boolean | cdk.IResolvable | undefined; /** * Specifies whether AWS IoT validates the token signature in an authorization request. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-signingdisabled */ signingDisabled: boolean | cdk.IResolvable | undefined; /** * The status of the authorizer. * * Valid values: `ACTIVE` | `INACTIVE` * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-status */ status: string | undefined; /** * Metadata which can be used to manage the custom authorizer. * * > For URI Request parameters use format: ...key1=value1&key2=value2... * > * > For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..." * > * > For the cli-input-json file use format: "tags": "key1=value1&key2=value2..." * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-tags */ readonly tags: cdk.TagManager; /** * The key used to extract the token from the HTTP headers. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-tokenkeyname */ tokenKeyName: string | undefined; /** * The public keys used to validate the token signature returned by your custom authentication service. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-authorizer.html#cfn-iot-authorizer-tokensigningpublickeys */ tokenSigningPublicKeys: { [key: string]: (string); } | cdk.IResolvable | undefined; /** * Create a new `AWS::IoT::Authorizer`. * * @param scope - scope in which this resource is defined * @param id - scoped id of the resource * @param props - resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnAuthorizerProps); /** * Examines the CloudFormation resource and discloses attributes. * * @param inspector - tree inspector to collect and process attributes * */ inspect(inspector: cdk.TreeInspector): void; protected get cfnProperties(): { [key: string]: any; }; protected renderProperties(props: { [key: string]: any; }): { [key: string]: any; }; } /** * Properties for defining a `CfnCACertificate` * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html */ export interface CfnCACertificateProps { /** * The certificate data in PEM format. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-cacertificatepem */ readonly caCertificatePem: string; /** * The status of the CA certificate. * * Valid values are "ACTIVE" and "INACTIVE". * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-status */ readonly status: string; /** * Whether the CA certificate is configured for auto registration of device certificates. Valid values are "ENABLE" and "DISABLE". * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-autoregistrationstatus */ readonly autoRegistrationStatus?: string; /** * The mode of the CA. * * All the device certificates that are registered using this CA will be registered in the same mode as the CA. For more information about certificate mode for device certificates, see [certificate mode](https://docs.aws.amazon.com//iot/latest/apireference/API_CertificateDescription.html#iot-Type-CertificateDescription-certificateMode) . * * Valid values are "DEFAULT" and "SNI_ONLY". * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-certificatemode */ readonly certificateMode?: string; /** * Information about the registration configuration. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-registrationconfig */ readonly registrationConfig?: CfnCACertificate.RegistrationConfigProperty | cdk.IResolvable; /** * If true, removes auto registration. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-removeautoregistration */ readonly removeAutoRegistration?: boolean | cdk.IResolvable; /** * An array of key-value pairs to apply to this resource. * * For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-tags */ readonly tags?: cdk.CfnTag[]; /** * The private key verification certificate. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-verificationcertificatepem */ readonly verificationCertificatePem?: string; } /** * A CloudFormation `AWS::IoT::CACertificate` * * Specifies a CA certificate. * * @cloudformationResource AWS::IoT::CACertificate * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html */ export declare class CfnCACertificate extends cdk.CfnResource implements cdk.IInspectable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IoT::CACertificate"; /** * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnCACertificate; /** * Returns the Amazon Resource Name (ARN) for the CA certificate. For example: * * `{ "Fn::GetAtt": ["MyCACertificate", "Arn"] }` * * A value similar to the following is returned: * * `arn:aws:iot:us-east-1:123456789012:cacert/a6be6b84559801927e35a8f901fae08b5971d78d1562e29504ff9663b276a5f5` * @cloudformationAttribute Arn */ readonly attrArn: string; /** * The CA certificate ID. * @cloudformationAttribute Id */ readonly attrId: string; /** * The certificate data in PEM format. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-cacertificatepem */ caCertificatePem: string; /** * The status of the CA certificate. * * Valid values are "ACTIVE" and "INACTIVE". * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-status */ status: string; /** * Whether the CA certificate is configured for auto registration of device certificates. Valid values are "ENABLE" and "DISABLE". * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-autoregistrationstatus */ autoRegistrationStatus: string | undefined; /** * The mode of the CA. * * All the device certificates that are registered using this CA will be registered in the same mode as the CA. For more information about certificate mode for device certificates, see [certificate mode](https://docs.aws.amazon.com//iot/latest/apireference/API_CertificateDescription.html#iot-Type-CertificateDescription-certificateMode) . * * Valid values are "DEFAULT" and "SNI_ONLY". * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-certificatemode */ certificateMode: string | undefined; /** * Information about the registration configuration. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-registrationconfig */ registrationConfig: CfnCACertificate.RegistrationConfigProperty | cdk.IResolvable | undefined; /** * If true, removes auto registration. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-removeautoregistration */ removeAutoRegistration: boolean | cdk.IResolvable | undefined; /** * An array of key-value pairs to apply to this resource. * * For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-tags */ readonly tags: cdk.TagManager; /** * The private key verification certificate. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-cacertificate.html#cfn-iot-cacertificate-verificationcertificatepem */ verificationCertificatePem: string | undefined; /** * Create a new `AWS::IoT::CACertificate`. * * @param scope - scope in which this resource is defined * @param id - scoped id of the resource * @param props - resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnCACertificateProps); /** * Examines the CloudFormation resource and discloses attributes. * * @param inspector - tree inspector to collect and process attributes * */ inspect(inspector: cdk.TreeInspector): void; protected get cfnProperties(): { [key: string]: any; }; protected renderProperties(props: { [key: string]: any; }): { [key: string]: any; }; } export declare namespace CfnCACertificate { /** * The registration configuration. * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-cacertificate-registrationconfig.html */ interface RegistrationConfigProperty { /** * The ARN of the role. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-cacertificate-registrationconfig.html#cfn-iot-cacertificate-registrationconfig-rolearn */ readonly roleArn?: string; /** * The template body. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-cacertificate-registrationconfig.html#cfn-iot-cacertificate-registrationconfig-templatebody */ readonly templateBody?: string; /** * The name of the provisioning template. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-cacertificate-registrationconfig.html#cfn-iot-cacertificate-registrationconfig-templatename */ readonly templateName?: string; } } /** * Properties for defining a `CfnCertificate` * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html */ export interface CfnCertificateProps { /** * The status of the certificate. * * Valid values are ACTIVE, INACTIVE, REVOKED, PENDING_TRANSFER, and PENDING_ACTIVATION. * * The status value REGISTER_INACTIVE is deprecated and should not be used. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html#cfn-iot-certificate-status */ readonly status: string; /** * The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html#cfn-iot-certificate-cacertificatepem */ readonly caCertificatePem?: string; /** * Specifies which mode of certificate registration to use with this resource. Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI_ONLY with CertificatePem, and Default with CertificateSigningRequest. * * `DEFAULT` : A certificate in `DEFAULT` mode is either generated by AWS IoT Core or registered with an issuer certificate authority (CA). Devices with certificates in `DEFAULT` mode aren't required to send the Server Name Indication (SNI) extension when connecting to AWS IoT Core . However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to AWS IoT Core . * * `SNI_ONLY` : A certificate in `SNI_ONLY` mode is registered without an issuer CA. Devices with certificates in `SNI_ONLY` mode must send the SNI extension when connecting to AWS IoT Core . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html#cfn-iot-certificate-certificatemode */ readonly certificateMode?: string; /** * The certificate data in PEM format. Requires SNI_ONLY for the certificate mode or the accompanying CACertificatePem for registration. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html#cfn-iot-certificate-certificatepem */ readonly certificatePem?: string; /** * The certificate signing request (CSR). * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html#cfn-iot-certificate-certificatesigningrequest */ readonly certificateSigningRequest?: string; } /** * A CloudFormation `AWS::IoT::Certificate` * * Use the `AWS::IoT::Certificate` resource to declare an AWS IoT X.509 certificate. For information about working with X.509 certificates, see [X.509 Client Certificates](https://docs.aws.amazon.com/iot/latest/developerguide/x509-client-certs.html) in the *AWS IoT Developer Guide* . * * @cloudformationResource AWS::IoT::Certificate * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html */ export declare class CfnCertificate extends cdk.CfnResource implements cdk.IInspectable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IoT::Certificate"; /** * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnCertificate; /** * Returns the Amazon Resource Name (ARN) for the certificate. For example: * * `{ "Fn::GetAtt": ["MyCertificate", "Arn"] }` * * A value similar to the following is returned: * * `arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2` * @cloudformationAttribute Arn */ readonly attrArn: string; /** * The certificate ID. * @cloudformationAttribute Id */ readonly attrId: string; /** * The status of the certificate. * * Valid values are ACTIVE, INACTIVE, REVOKED, PENDING_TRANSFER, and PENDING_ACTIVATION. * * The status value REGISTER_INACTIVE is deprecated and should not be used. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html#cfn-iot-certificate-status */ status: string; /** * The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html#cfn-iot-certificate-cacertificatepem */ caCertificatePem: string | undefined; /** * Specifies which mode of certificate registration to use with this resource. Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI_ONLY with CertificatePem, and Default with CertificateSigningRequest. * * `DEFAULT` : A certificate in `DEFAULT` mode is either generated by AWS IoT Core or registered with an issuer certificate authority (CA). Devices with certificates in `DEFAULT` mode aren't required to send the Server Name Indication (SNI) extension when connecting to AWS IoT Core . However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to AWS IoT Core . * * `SNI_ONLY` : A certificate in `SNI_ONLY` mode is registered without an issuer CA. Devices with certificates in `SNI_ONLY` mode must send the SNI extension when connecting to AWS IoT Core . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html#cfn-iot-certificate-certificatemode */ certificateMode: string | undefined; /** * The certificate data in PEM format. Requires SNI_ONLY for the certificate mode or the accompanying CACertificatePem for registration. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html#cfn-iot-certificate-certificatepem */ certificatePem: string | undefined; /** * The certificate signing request (CSR). * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-certificate.html#cfn-iot-certificate-certificatesigningrequest */ certificateSigningRequest: string | undefined; /** * Create a new `AWS::IoT::Certificate`. * * @param scope - scope in which this resource is defined * @param id - scoped id of the resource * @param props - resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnCertificateProps); /** * Examines the CloudFormation resource and discloses attributes. * * @param inspector - tree inspector to collect and process attributes * */ inspect(inspector: cdk.TreeInspector): void; protected get cfnProperties(): { [key: string]: any; }; protected renderProperties(props: { [key: string]: any; }): { [key: string]: any; }; } /** * Properties for defining a `CfnCustomMetric` * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-custommetric.html */ export interface CfnCustomMetricProps { /** * The type of the custom metric. Types include `string-list` , `ip-address-list` , `number-list` , and `number` . * * > The type `number` only takes a single metric value as an input, but when you submit the metrics value in the DeviceMetrics report, you must pass it as an array with a single value. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-custommetric.html#cfn-iot-custommetric-metrictype */ readonly metricType: string; /** * The friendly name in the console for the custom metric. This name doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. You can update the friendly name after you define it. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-custommetric.html#cfn-iot-custommetric-displayname */ readonly displayName?: string; /** * The name of the custom metric. This will be used in the metric report submitted from the device/thing. The name can't begin with `aws:` . You can’t change the name after you define it. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-custommetric.html#cfn-iot-custommetric-metricname */ readonly metricName?: string; /** * Metadata that can be used to manage the custom metric. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-custommetric.html#cfn-iot-custommetric-tags */ readonly tags?: cdk.CfnTag[]; } /** * A CloudFormation `AWS::IoT::CustomMetric` * * Use the `AWS::IoT::CustomMetric` resource to define a custom metric published by your devices to Device Defender. For API reference, see [CreateCustomMetric](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateCustomMetric.html) and for general information, see [Custom metrics](https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-custom-metrics.html) . * * @cloudformationResource AWS::IoT::CustomMetric * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-custommetric.html */ export declare class CfnCustomMetric extends cdk.CfnResource implements cdk.IInspectable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IoT::CustomMetric"; /** * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnCustomMetric; /** * The Amazon Resource Number (ARN) of the custom metric; for example, `arn: *aws-partition* :iot: *region* : *accountId* :custommetric/ *metricName*` . * @cloudformationAttribute MetricArn */ readonly attrMetricArn: string; /** * The type of the custom metric. Types include `string-list` , `ip-address-list` , `number-list` , and `number` . * * > The type `number` only takes a single metric value as an input, but when you submit the metrics value in the DeviceMetrics report, you must pass it as an array with a single value. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-custommetric.html#cfn-iot-custommetric-metrictype */ metricType: string; /** * The friendly name in the console for the custom metric. This name doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. You can update the friendly name after you define it. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-custommetric.html#cfn-iot-custommetric-displayname */ displayName: string | undefined; /** * The name of the custom metric. This will be used in the metric report submitted from the device/thing. The name can't begin with `aws:` . You can’t change the name after you define it. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-custommetric.html#cfn-iot-custommetric-metricname */ metricName: string | undefined; /** * Metadata that can be used to manage the custom metric. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-custommetric.html#cfn-iot-custommetric-tags */ readonly tags: cdk.TagManager; /** * Create a new `AWS::IoT::CustomMetric`. * * @param scope - scope in which this resource is defined * @param id - scoped id of the resource * @param props - resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnCustomMetricProps); /** * Examines the CloudFormation resource and discloses attributes. * * @param inspector - tree inspector to collect and process attributes * */ inspect(inspector: cdk.TreeInspector): void; protected get cfnProperties(): { [key: string]: any; }; protected renderProperties(props: { [key: string]: any; }): { [key: string]: any; }; } /** * Properties for defining a `CfnDimension` * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-dimension.html */ export interface CfnDimensionProps { /** * Specifies the value or list of values for the dimension. For `TOPIC_FILTER` dimensions, this is a pattern used to match the MQTT topic (for example, "admin/#"). * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-dimension.html#cfn-iot-dimension-stringvalues */ readonly str