AWS IoT

2019/08/05 - AWS IoT - 11 new, 1 updated API methods

Changes: In this release, AWS IoT Device Defender introduces audit mitigation actions that can be applied to audit findings to help mitigate security issues.

DeleteMitigationAction (new)

Deletes a defined mitigation action from your AWS account.

See also: AWS API Documentation

Request Syntax

client.delete_mitigation_action(
    actionName='string'
)
Parameters

  • actionName (string) -- [REQUIRED]

    The name of the mitigation action that you want to delete.

Return type: dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

CancelAuditMitigationActionsTask (new)

Cancels a mitigation action task that is in progress. If the task is not in progress, an InvalidRequestException occurs.

See also: AWS API Documentation

Request Syntax

client.cancel_audit_mitigation_actions_task(
    taskId='string'
)
Parameters

  • taskId (string) -- [REQUIRED]

    The unique identifier for the task that you want to cancel.

Return type: dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

DescribeMitigationAction (new)

Gets information about a mitigation action.

See also: AWS API Documentation

Request Syntax

client.describe_mitigation_action(
    actionName='string'
)
Parameters

  • actionName (string) -- [REQUIRED]

    The friendly name that uniquely identifies the mitigation action.

Return type: dict

Returns

Response Syntax

{
    'actionName': 'string',
    'actionType': 'UPDATE_DEVICE_CERTIFICATE'|'UPDATE_CA_CERTIFICATE'|'ADD_THINGS_TO_THING_GROUP'|'REPLACE_DEFAULT_POLICY_VERSION'|'ENABLE_IOT_LOGGING'|'PUBLISH_FINDING_TO_SNS',
    'actionArn': 'string',
    'actionId': 'string',
    'roleArn': 'string',
    'actionParams': {
        'updateDeviceCertificateParams': {
            'action': 'DEACTIVATE'
        },
        'updateCACertificateParams': {
            'action': 'DEACTIVATE'
        },
        'addThingsToThingGroupParams': {
            'thingGroupNames': [
                'string',
            ],
            'overrideDynamicGroups': True|False
        },
        'replaceDefaultPolicyVersionParams': {
            'templateName': 'BLANK_POLICY'
        },
        'enableIoTLoggingParams': {
            'roleArnForLogging': 'string',
            'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
        },
        'publishFindingToSnsParams': {
            'topicArn': 'string'
        }
    },
    'creationDate': datetime(2015, 1, 1),
    'lastModifiedDate': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    • actionName (string) --

      The friendly name that uniquely identifies the mitigation action.

    • actionType (string) --

      The type of mitigation action.

    • actionArn (string) --

      The ARN that identifies this mitigation action.

    • actionId (string) --

      A unique identifier for this action.

    • roleArn (string) --

      The ARN of the IAM role used to apply this action.

    • actionParams (dict) --

      Parameters that control how the mitigation action is applied, specific to the type of mitigation action.

      • updateDeviceCertificateParams (dict) --

        Parameters to define a mitigation action that changes the state of the device certificate to inactive.

        • action (string) --

          The action that you want to apply to the device certificate. The only supported value is DEACTIVATE.

      • updateCACertificateParams (dict) --

        Parameters to define a mitigation action that changes the state of the CA certificate to inactive.

        • action (string) --

          The action that you want to apply to the CA certificate. The only supported value is DEACTIVATE.

      • addThingsToThingGroupParams (dict) --

        Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.

        • thingGroupNames (list) --

          The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you cannot add a thing to more than one group in the same hierarchy.

          • (string) --

        • overrideDynamicGroups (boolean) --

          Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.

      • replaceDefaultPolicyVersionParams (dict) --

        Parameters to define a mitigation action that adds a blank policy to restrict permissions.

        • templateName (string) --

          The name of the template to be applied. The only supported value is BLANK_POLICY.

      • enableIoTLoggingParams (dict) --

        Parameters to define a mitigation action that enables AWS IoT logging at a specified level of detail.

        • roleArnForLogging (string) --

          The ARN of the IAM role used for logging.

        • logLevel (string) --

          Specifies the types of information to be logged.

      • publishFindingToSnsParams (dict) --

        Parameters to define a mitigation action that publishes findings to Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.

        • topicArn (string) --

          The ARN of the topic to which you want to publish the findings.

    • creationDate (datetime) --

      The date and time when the mitigation action was added to your AWS account.

    • lastModifiedDate (datetime) --

      The date and time when the mitigation action was last changed.

DescribeAuditMitigationActionsTask (new)

Gets information about an audit mitigation task that is used to apply mitigation actions to a set of audit findings. Properties include the actions being applied, the audit checks to which they're being applied, the task status, and aggregated task statistics.

See also: AWS API Documentation

Request Syntax

client.describe_audit_mitigation_actions_task(
    taskId='string'
)
Parameters

  • taskId (string) -- [REQUIRED]

    The unique identifier for the audit mitigation task.

Return type: dict

Returns

Response Syntax

{
    'taskStatus': 'IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED',
    'startTime': datetime(2015, 1, 1),
    'endTime': datetime(2015, 1, 1),
    'taskStatistics': {
        'string': {
            'totalFindingsCount': 123,
            'failedFindingsCount': 123,
            'succeededFindingsCount': 123,
            'skippedFindingsCount': 123,
            'canceledFindingsCount': 123
        }
    },
    'target': {
        'auditTaskId': 'string',
        'findingIds': [
            'string',
        ],
        'auditCheckToReasonCodeFilter': {
            'string': [
                'string',
            ]
        }
    },
    'auditCheckToActionsMapping': {
        'string': [
            'string',
        ]
    },
    'actionsDefinition': [
        {
            'name': 'string',
            'id': 'string',
            'roleArn': 'string',
            'actionParams': {
                'updateDeviceCertificateParams': {
                    'action': 'DEACTIVATE'
                },
                'updateCACertificateParams': {
                    'action': 'DEACTIVATE'
                },
                'addThingsToThingGroupParams': {
                    'thingGroupNames': [
                        'string',
                    ],
                    'overrideDynamicGroups': True|False
                },
                'replaceDefaultPolicyVersionParams': {
                    'templateName': 'BLANK_POLICY'
                },
                'enableIoTLoggingParams': {
                    'roleArnForLogging': 'string',
                    'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
                },
                'publishFindingToSnsParams': {
                    'topicArn': 'string'
                }
            }
        },
    ]
}

Response Structure

  • (dict) --

    • taskStatus (string) --

      The current status of the task.

    • startTime (datetime) --

      The date and time when the task was started.

    • endTime (datetime) --

      The date and time when the task was completed or canceled.

    • taskStatistics (dict) --

      Aggregate counts of the results when the mitigation tasks were applied to the findings for this audit mitigation actions task.

      • (string) --

        An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled, or use UpdateAccountAuditConfiguration to select which checks are enabled.)

        • (dict) --

          Provides summary counts of how many tasks for findings are in a particular state. This information is included in the response from DescribeAuditMitigationActionsTask.

          • totalFindingsCount (integer) --

            The total number of findings to which a task is being applied.

          • failedFindingsCount (integer) --

            The number of findings for which at least one of the actions failed when applied.

          • succeededFindingsCount (integer) --

            The number of findings for which all mitigation actions succeeded when applied.

          • skippedFindingsCount (integer) --

            The number of findings skipped because of filter conditions provided in the parameters to the command.

          • canceledFindingsCount (integer) --

            The number of findings for which the mitigation action task was canceled while the actions were being applied.

    • target (dict) --

      Identifies the findings to which the mitigation actions are applied. This can be by audit checks, by audit task, or a set of findings.

      • auditTaskId (string) --

        If the task will apply a mitigation action to findings from a specific audit, this value uniquely identifies the audit.

      • findingIds (list) --

        If the task will apply a mitigation action to one or more listed findings, this value uniquely identifies those findings.

        • (string) --

      • auditCheckToReasonCodeFilter (dict) --

        Specifies a filter in the form of an audit check and a set of reason codes that identify the findings from the audit to which the audit mitigation actions task applies.

        • (string) --

          An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled, or use UpdateAccountAuditConfiguration to select which checks are enabled.)

          • (list) --

            • (string) --

    • auditCheckToActionsMapping (dict) --

      Specifies the mitigation actions that should be applied to specific audit checks.

      • (string) --

        An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled, or use UpdateAccountAuditConfiguration to select which checks are enabled.)

        • (list) --

          • (string) --

    • actionsDefinition (list) --

      Specifies the mitigation actions and their parameters that are applied as part of this task.

      • (dict) --

        Describes which changes should be applied as part of a mitigation action.

        • name (string) --

          A user-friendly name for the mitigation action.

        • id (string) --

          A unique identifier for the mitigation action.

        • roleArn (string) --

          The IAM role ARN used to apply this mitigation action.

        • actionParams (dict) --

          The set of parameters for this mitigation action. The parameters vary, depending on the kind of action you apply.

          • updateDeviceCertificateParams (dict) --

            Parameters to define a mitigation action that changes the state of the device certificate to inactive.

            • action (string) --

              The action that you want to apply to the device certificate. The only supported value is DEACTIVATE.

          • updateCACertificateParams (dict) --

            Parameters to define a mitigation action that changes the state of the CA certificate to inactive.

            • action (string) --

              The action that you want to apply to the CA certificate. The only supported value is DEACTIVATE.

          • addThingsToThingGroupParams (dict) --

            Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.

            • thingGroupNames (list) --

              The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you cannot add a thing to more than one group in the same hierarchy.

              • (string) --

            • overrideDynamicGroups (boolean) --

              Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.

          • replaceDefaultPolicyVersionParams (dict) --

            Parameters to define a mitigation action that adds a blank policy to restrict permissions.

            • templateName (string) --

              The name of the template to be applied. The only supported value is BLANK_POLICY.

          • enableIoTLoggingParams (dict) --

            Parameters to define a mitigation action that enables AWS IoT logging at a specified level of detail.

            • roleArnForLogging (string) --

              The ARN of the IAM role used for logging.

            • logLevel (string) --

              Specifies the types of information to be logged.

          • publishFindingToSnsParams (dict) --

            Parameters to define a mitigation action that publishes findings to Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.

            • topicArn (string) --

              The ARN of the topic to which you want to publish the findings.

StartAuditMitigationActionsTask (new)

Starts a task that applies a set of mitigation actions to the specified target.

See also: AWS API Documentation

Request Syntax

client.start_audit_mitigation_actions_task(
    taskId='string',
    target={
        'auditTaskId': 'string',
        'findingIds': [
            'string',
        ],
        'auditCheckToReasonCodeFilter': {
            'string': [
                'string',
            ]
        }
    },
    auditCheckToActionsMapping={
        'string': [
            'string',
        ]
    },
    clientRequestToken='string'
)
Parameters

  • taskId (string) -- [REQUIRED]

    A unique identifier for the task. You can use this identifier to check the status of the task or to cancel it.

  • target (dict) -- [REQUIRED]

    Specifies the audit findings to which the mitigation actions are applied. You can apply them to a type of audit check, to all findings from an audit, or to a specific set of findings.

    • auditTaskId (string) --

      If the task will apply a mitigation action to findings from a specific audit, this value uniquely identifies the audit.

    • findingIds (list) --

      If the task will apply a mitigation action to one or more listed findings, this value uniquely identifies those findings.

      • (string) --

    • auditCheckToReasonCodeFilter (dict) --

      Specifies a filter in the form of an audit check and a set of reason codes that identify the findings from the audit to which the audit mitigation actions task applies.

      • (string) --

        An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled, or use UpdateAccountAuditConfiguration to select which checks are enabled.)

        • (list) --

          • (string) --

  • auditCheckToActionsMapping (dict) -- [REQUIRED]

    For an audit check, specifies which mitigation actions to apply. Those actions must be defined in your AWS account.

    • (string) --

      An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled, or use UpdateAccountAuditConfiguration to select which checks are enabled.)

      • (list) --

        • (string) --

  • clientRequestToken (string) -- [REQUIRED]

    Each audit mitigation task must have a unique client request token. If you try to start a new task with the same token as a task that already exists, an exception occurs. If you omit this value, a unique client request token is generated automatically.

    This field is autopopulated if not provided.

Return type: dict

Returns

Response Syntax

{
    'taskId': 'string'
}

Response Structure

  • (dict) --

    • taskId (string) --

      The unique identifier for the audit mitigation task. This matches the taskId that you specified in the request.

CreateMitigationAction (new)

Defines an action that can be applied to audit findings by using StartAuditMitigationActionsTask. Each mitigation action can apply only one type of change.

See also: AWS API Documentation

Request Syntax

client.create_mitigation_action(
    actionName='string',
    roleArn='string',
    actionParams={
        'updateDeviceCertificateParams': {
            'action': 'DEACTIVATE'
        },
        'updateCACertificateParams': {
            'action': 'DEACTIVATE'
        },
        'addThingsToThingGroupParams': {
            'thingGroupNames': [
                'string',
            ],
            'overrideDynamicGroups': True|False
        },
        'replaceDefaultPolicyVersionParams': {
            'templateName': 'BLANK_POLICY'
        },
        'enableIoTLoggingParams': {
            'roleArnForLogging': 'string',
            'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
        },
        'publishFindingToSnsParams': {
            'topicArn': 'string'
        }
    },
    tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)
Parameters

  • actionName (string) -- [REQUIRED]

    A friendly name for the action. Choose a friendly name that accurately describes the action (for example, EnableLoggingAction).

  • roleArn (string) -- [REQUIRED]

    The ARN of the IAM role that is used to apply the mitigation action.

  • actionParams (dict) -- [REQUIRED]

    Defines the type of action and the parameters for that action.

    • updateDeviceCertificateParams (dict) --

      Parameters to define a mitigation action that changes the state of the device certificate to inactive.

      • action (string) -- [REQUIRED]

        The action that you want to apply to the device certificate. The only supported value is DEACTIVATE.

    • updateCACertificateParams (dict) --

      Parameters to define a mitigation action that changes the state of the CA certificate to inactive.

      • action (string) -- [REQUIRED]

        The action that you want to apply to the CA certificate. The only supported value is DEACTIVATE.

    • addThingsToThingGroupParams (dict) --

      Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.

      • thingGroupNames (list) -- [REQUIRED]

        The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you cannot add a thing to more than one group in the same hierarchy.

        • (string) --

      • overrideDynamicGroups (boolean) --

        Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.

    • replaceDefaultPolicyVersionParams (dict) --

      Parameters to define a mitigation action that adds a blank policy to restrict permissions.

      • templateName (string) -- [REQUIRED]

        The name of the template to be applied. The only supported value is BLANK_POLICY.

    • enableIoTLoggingParams (dict) --

      Parameters to define a mitigation action that enables AWS IoT logging at a specified level of detail.

      • roleArnForLogging (string) -- [REQUIRED]

        The ARN of the IAM role used for logging.

      • logLevel (string) -- [REQUIRED]

        Specifies the types of information to be logged.

    • publishFindingToSnsParams (dict) --

      Parameters to define a mitigation action that publishes findings to Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.

      • topicArn (string) -- [REQUIRED]

        The ARN of the topic to which you want to publish the findings.

  • tags (list) --

    Metadata that can be used to manage the mitigation action.

    • (dict) --

      A set of key/value pairs that are used to manage the resource.

      • Key (string) --

        The tag's key.

      • Value (string) --

        The tag's value.

Return type: dict

Returns

Response Syntax

{
    'actionArn': 'string',
    'actionId': 'string'
}

Response Structure

  • (dict) --

    • actionArn (string) --

      The ARN for the new mitigation action.

    • actionId (string) --

      A unique identifier for the new mitigation action.
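The following is an added example, not code from the boto3 changelog or from AWS: it builds and validates the request bodies for CreateMitigationAction and StartAuditMitigationActionsTask offline, enforcing the constraints the reference text above states (exactly one type of change per action, DEACTIVATE and BLANK_POLICY as the only supported values, at most 10 thing groups, known log levels, a unique client request token, and a target that actually selects findings). The role ARN, task and audit IDs, thing group, audit check and reason-code names in `quarantine_plan` are placeholders; `apply_plan` takes a real `boto3.client('iot')` and is the only part that talks to AWS.

```python
import uuid

# actionParams key -> {required sub-key: allowed values (None = free-form string/list)}
ACTION_PARAM_SPECS = {
    "updateDeviceCertificateParams": {"action": {"DEACTIVATE"}},
    "updateCACertificateParams": {"action": {"DEACTIVATE"}},
    "addThingsToThingGroupParams": {"thingGroupNames": None},
    "replaceDefaultPolicyVersionParams": {"templateName": {"BLANK_POLICY"}},
    "enableIoTLoggingParams": {"roleArnForLogging": None,
                               "logLevel": {"DEBUG", "INFO", "ERROR", "WARN", "DISABLED"}},
    "publishFindingToSnsParams": {"topicArn": None},
}
OPTIONAL_SUB_KEYS = {"addThingsToThingGroupParams": {"overrideDynamicGroups"}}
MAX_THING_GROUPS = 10


def build_create_mitigation_action(action_name, role_arn, action_params, tags=None):
    """Return kwargs for client.create_mitigation_action, or raise ValueError."""
    if len(action_params) != 1:
        raise ValueError("each mitigation action applies exactly one type of change")
    (kind, params), = action_params.items()
    spec = ACTION_PARAM_SPECS.get(kind)
    if spec is None:
        raise ValueError(f"unknown actionParams key {kind!r}")
    missing = set(spec) - set(params)
    if missing:
        raise ValueError(f"{kind} is missing required {sorted(missing)}")
    unexpected = set(params) - set(spec) - OPTIONAL_SUB_KEYS.get(kind, set())
    if unexpected:
        raise ValueError(f"{kind} has unexpected keys {sorted(unexpected)}")
    for key, allowed in spec.items():
        if allowed is not None and params[key] not in allowed:
            raise ValueError(f"{kind}.{key} must be one of {sorted(allowed)}")
    if kind == "addThingsToThingGroupParams":
        if not 1 <= len(params["thingGroupNames"]) <= MAX_THING_GROUPS:
            raise ValueError(f"thingGroupNames must list 1 to {MAX_THING_GROUPS} groups")
    request = {"actionName": action_name, "roleArn": role_arn, "actionParams": action_params}
    if tags:
        request["tags"] = [{"Key": k, "Value": v} for k, v in tags.items()]
    return request


def build_start_task(task_id, check_to_actions, audit_task_id=None, finding_ids=None,
                     reason_code_filter=None, client_request_token=None):
    """Return kwargs for client.start_audit_mitigation_actions_task, or raise ValueError."""
    if not check_to_actions or not all(check_to_actions.values()):
        raise ValueError("auditCheckToActionsMapping needs at least one action per check")
    if not (audit_task_id or finding_ids):
        raise ValueError("target must select findings by auditTaskId or findingIds")
    target = {}
    if audit_task_id:
        target["auditTaskId"] = audit_task_id
    if finding_ids:
        target["findingIds"] = list(finding_ids)
    if reason_code_filter:
        # A check named only in the filter has no actions mapped to it, so its
        # filtered findings would be selected but never mitigated.
        orphans = set(reason_code_filter) - set(check_to_actions)
        if orphans:
            raise ValueError(f"filter names checks without actions: {sorted(orphans)}")
        target["auditCheckToReasonCodeFilter"] = reason_code_filter
    return {
        "taskId": task_id,
        "target": target,
        "auditCheckToActionsMapping": check_to_actions,
        # Must be unique per task; reusing a token for a new task raises an exception.
        "clientRequestToken": client_request_token or str(uuid.uuid4()),
    }


def quarantine_plan():
    """Worked instance: deactivate flagged device certificates and quarantine their things.

    The role ARN, task/audit IDs, group, check and reason-code names are placeholders.
    """
    role = "arn:aws:iam::123456789012:role/PLACEHOLDER-MitigationRole"
    actions = [
        build_create_mitigation_action(
            "DeactivateDeviceCert", role,
            {"updateDeviceCertificateParams": {"action": "DEACTIVATE"}}),
        build_create_mitigation_action(
            "QuarantineThings", role,
            {"addThingsToThingGroupParams": {"thingGroupNames": ["Quarantine"],
                                             "overrideDynamicGroups": True}}),
    ]
    task = build_start_task(
        "task-PLACEHOLDER",
        {"DEVICE_CERTIFICATE_SHARED_CHECK": ["DeactivateDeviceCert", "QuarantineThings"]},
        audit_task_id="audit-PLACEHOLDER",
        reason_code_filter={"DEVICE_CERTIFICATE_SHARED_CHECK": ["REASON_CODE_PLACEHOLDER"]},
        client_request_token="token-PLACEHOLDER")
    return actions, task


def apply_plan(client, actions, task):
    """Send the validated requests with a real client, e.g. boto3.client('iot')."""
    for request in actions:
        client.create_mitigation_action(**request)
    return client.start_audit_mitigation_actions_task(**task)["taskId"]
```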

DescribeAuditFinding (new)

Gets information about a single audit finding. Properties include the reason for noncompliance, the severity of the issue, and when the audit that returned the finding was started.

See also: AWS API Documentation

Request Syntax

client.describe_audit_finding(
    findingId='string'
)
Parameters

  • findingId (string) -- [REQUIRED]

    A unique identifier for a single audit finding. You can use this identifier to apply mitigation actions to the finding.

Return type: dict

Returns

Response Syntax

{
    'finding': {
        'findingId': 'string',
        'taskId': 'string',
        'checkName': 'string',
        'taskStartTime': datetime(2015, 1, 1),
        'findingTime': datetime(2015, 1, 1),
        'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW',
        'nonCompliantResource': {
            'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS',
            'resourceIdentifier': {
                'deviceCertificateId': 'string',
                'caCertificateId': 'string',
                'cognitoIdentityPoolId': 'string',
                'clientId': 'string',
                'policyVersionIdentifier': {
                    'policyName': 'string',
                    'policyVersionId': 'string'
                },
                'account': 'string'
            },
            'additionalInfo': {
                'string': 'string'
            }
        },
        'relatedResources': [
            {
                'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS',
                'resourceIdentifier': {
                    'deviceCertificateId': 'string',
                    'caCertificateId': 'string',
                    'cognitoIdentityPoolId': 'string',
                    'clientId': 'string',
                    'policyVersionIdentifier': {
                        'policyName': 'string',
                        'policyVersionId': 'string'
                    },
                    'account': 'string'
                },
                'additionalInfo': {
                    'string': 'string'
                }
            },
        ],
        'reasonForNonCompliance': 'string',
        'reasonForNonComplianceCode': 'string'
    }
}

Response Structure

  • (dict) --

    • finding (dict) --

      The findings (results) of the audit.

      • findingId (string) --

        A unique identifier for this set of audit findings. This identifier is used to apply mitigation tasks to one or more sets of findings.

      • taskId (string) --

        The ID of the audit that generated this result (finding).

      • checkName (string) --

        The audit check that generated this result.

      • taskStartTime (datetime) --

        The time the audit started.

      • findingTime (datetime) --

        The time the result (finding) was discovered.

      • severity (string) --

        The severity of the result (finding).

      • nonCompliantResource (dict) --

        The resource that was found to be noncompliant with the audit check.

        • resourceType (string) --

          The type of the noncompliant resource.

        • resourceIdentifier (dict) --

          Information that identifies the noncompliant resource.

          • deviceCertificateId (string) --

            The ID of the certificate attached to the resource.

          • caCertificateId (string) --

            The ID of the CA certificate used to authorize the certificate.

          • cognitoIdentityPoolId (string) --

            The ID of the Amazon Cognito identity pool.

          • clientId (string) --

            The client ID.

          • policyVersionIdentifier (dict) --

            The version of the policy associated with the resource.

            • policyName (string) --

              The name of the policy.

            • policyVersionId (string) --

              The ID of the version of the policy associated with the resource.

          • account (string) --

            The account with which the resource is associated.

        • additionalInfo (dict) --

          Other information about the noncompliant resource.

          • (string) --

            • (string) --

      • relatedResources (list) --

        The list of related resources.

        • (dict) --

          Information about a related resource.

          • resourceType (string) --

            The type of resource.

          • resourceIdentifier (dict) --

            Information that identifies the resource.

            • deviceCertificateId (string) --

              The ID of the certificate attached to the resource.

            • caCertificateId (string) --

              The ID of the CA certificate used to authorize the certificate.

            • cognitoIdentityPoolId (string) --

              The ID of the Amazon Cognito identity pool.

            • clientId (string) --

              The client ID.

            • policyVersionIdentifier (dict) --

              The version of the policy associated with the resource.

              • policyName (string) --

                The name of the policy.

              • policyVersionId (string) --

                The ID of the version of the policy associated with the resource.

            • account (string) --

              The account with which the resource is associated.

          • additionalInfo (dict) --

            Other information about the resource.

            • (string) --

              • (string) --

      • reasonForNonCompliance (string) --

        The reason the resource was noncompliant.

      • reasonForNonComplianceCode (string) --

        A code that indicates the reason that the resource was noncompliant.

ListAuditMitigationActionsExecutions (new)

Gets the status of audit mitigation action tasks that were executed.

See also: AWS API Documentation

Request Syntax

client.list_audit_mitigation_actions_executions(
    taskId='string',
    actionStatus='IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED'|'SKIPPED'|'PENDING',
    findingId='string',
    maxResults=123,
    nextToken='string'
)
Parameters

  • taskId (string) -- [REQUIRED]

    Specify this filter to limit results to actions for a specific audit mitigation actions task.

  • actionStatus (string) --

    Specify this filter to limit results to those with a specific status.

  • findingId (string) -- [REQUIRED]

    Specify this filter to limit results to those that were applied to a specific audit finding.

  • maxResults (integer) --

    The maximum number of results to return at one time. The default is 25.

  • nextToken (string) --

    The token for the next set of results.

Return type: dict

Returns

Response Syntax

{
    'actionsExecutions': [
        {
            'taskId': 'string',
            'findingId': 'string',
            'actionName': 'string',
            'actionId': 'string',
            'status': 'IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED'|'SKIPPED'|'PENDING',
            'startTime': datetime(2015, 1, 1),
            'endTime': datetime(2015, 1, 1),
            'errorCode': 'string',
            'message': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • actionsExecutions (list) --

      A set of task execution results based on the input parameters. Details include the mitigation action applied, start time, and task status.

      • (dict) --

        Returned by ListAuditMitigationActionsTask, this object contains information that describes a mitigation action that has been started.

        • taskId (string) --

          The unique identifier for the task that applies the mitigation action.

        • findingId (string) --

          The unique identifier for the findings to which the task and associated mitigation action are applied.

        • actionName (string) --

          The friendly name of the mitigation action being applied by the task.

        • actionId (string) --

          The unique identifier for the mitigation action being applied by the task.

        • status (string) --

          The current status of the task being executed.

        • startTime (datetime) --

          The date and time when the task was started.

        • endTime (datetime) --

          The date and time when the task was completed or canceled. Blank if the task is still running.

        • errorCode (string) --

          If an error occurred, the code that indicates which type of error occurred.

        • message (string) --

          If an error occurred, a message that describes the error.

    • nextToken (string) --

      The token for the next set of results.
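An added example, not from the boto3 changelog or from AWS, that ties DescribeAuditMitigationActionsTask and ListAuditMitigationActionsExecutions together: it polls a task until taskStatus is terminal, turns the per-check taskStatistics into verdicts, and pages through the FAILED executions for each finding in the task's target (taskId and findingId are both required by the list call, so it is issued per finding). `FakeIotClient` is a constructed stand-in for `boto3.client('iot')` that returns the response shapes shown above with sample data; the check names, finding IDs, action names and error codes in it are illustrative only.

```python
import time
from collections import defaultdict

TERMINAL_TASK_STATES = {"COMPLETED", "FAILED", "CANCELED"}


def wait_for_task(client, task_id, poll_seconds=5.0, max_polls=120, sleep=time.sleep):
    """Call DescribeAuditMitigationActionsTask until taskStatus is terminal."""
    for _ in range(max_polls):
        resp = client.describe_audit_mitigation_actions_task(taskId=task_id)
        if resp["taskStatus"] in TERMINAL_TASK_STATES:
            return resp
        sleep(poll_seconds)
    raise TimeoutError(f"task {task_id} not finished after {max_polls} polls")


def summarize_task(resp):
    """Per-check verdicts from taskStatistics; failed, skipped and canceled findings count as unmitigated."""
    summary = {}
    mapping = resp.get("auditCheckToActionsMapping", {})
    for check, counts in resp.get("taskStatistics", {}).items():
        total = counts.get("totalFindingsCount", 0)
        succeeded = counts.get("succeededFindingsCount", 0)
        unmitigated = (counts.get("failedFindingsCount", 0)
                       + counts.get("skippedFindingsCount", 0)
                       + counts.get("canceledFindingsCount", 0))
        summary[check] = {"total": total, "unmitigated": unmitigated,
                          "clean": total > 0 and succeeded == total,
                          "actions": mapping.get(check, [])}
    return summary


def failed_executions(client, task_id, finding_ids):
    """Page through ListAuditMitigationActionsExecutions (actionStatus=FAILED) per finding.

    Returns {findingId: [(actionName, errorCode, message), ...]} for findings with failures.
    """
    failures = defaultdict(list)
    for finding_id in finding_ids:
        kwargs = {"taskId": task_id, "findingId": finding_id, "actionStatus": "FAILED"}
        while True:
            page = client.list_audit_mitigation_actions_executions(**kwargs)
            for ex in page.get("actionsExecutions", []):
                failures[finding_id].append(
                    (ex["actionName"], ex.get("errorCode", ""), ex.get("message", "")))
            if not page.get("nextToken"):  # last page
                break
            kwargs["nextToken"] = page["nextToken"]
    return dict(failures)


def triage(client, task_id):
    """Wait for the task, then summarize it and collect the failed executions."""
    resp = wait_for_task(client, task_id, sleep=lambda _seconds: None)
    findings = resp.get("target", {}).get("findingIds", [])
    return resp["taskStatus"], summarize_task(resp), failed_executions(client, task_id, findings)


def _stats(total, succeeded, failed):
    return {"totalFindingsCount": total, "succeededFindingsCount": succeeded,
            "failedFindingsCount": failed, "skippedFindingsCount": 0, "canceledFindingsCount": 0}


class FakeIotClient:
    """Constructed stand-in for boto3.client('iot') returning the page's response shapes."""

    def __init__(self):
        self.describe_calls = 0
        self._executions = {  # constructed sample data
            "finding-1": [
                {"actionName": "DeactivateCert", "status": "FAILED",
                 "errorCode": "InternalFailure", "message": "sample failure"},
                {"actionName": "QuarantineThings", "status": "FAILED",
                 "errorCode": "InvalidRequest", "message": "sample failure"},
            ],
            "finding-2": [],
        }

    def describe_audit_mitigation_actions_task(self, taskId):
        self.describe_calls += 1  # report IN_PROGRESS twice, then COMPLETED
        return {
            "taskStatus": "IN_PROGRESS" if self.describe_calls < 3 else "COMPLETED",
            "taskStatistics": {"DEVICE_CERTIFICATE_EXPIRING_CHECK": _stats(2, 1, 1),
                               "LOGGING_DISABLED_CHECK": _stats(1, 1, 0)},
            "auditCheckToActionsMapping": {
                "DEVICE_CERTIFICATE_EXPIRING_CHECK": ["DeactivateCert", "QuarantineThings"],
                "LOGGING_DISABLED_CHECK": ["EnableLogging"]},
            "target": {"findingIds": ["finding-1", "finding-2"]},
        }

    def list_audit_mitigation_actions_executions(self, taskId, findingId, actionStatus=None,
                                                 nextToken=None, maxResults=25):
        rows = [e for e in self._executions[findingId]
                if actionStatus is None or e["status"] == actionStatus]
        start = int(nextToken) if nextToken else 0  # one row per page to exercise paging
        page = {"actionsExecutions": rows[start:start + 1]}
        if start + 1 < len(rows):
            page["nextToken"] = str(start + 1)
        return page
```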

ListAuditMitigationActionsTasks (new)

Gets a list of audit mitigation action tasks that match the specified filters.

See also: AWS API Documentation

Request Syntax

client.list_audit_mitigation_actions_tasks(
    auditTaskId='string',
    findingId='string',
    taskStatus='IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED',
    maxResults=123,
    nextToken='string',
    startTime=datetime(2015, 1, 1),
    endTime=datetime(2015, 1, 1)
)
Parameters

  • auditTaskId (string) --

    Specify this filter to limit results to tasks that were applied to results for a specific audit.

  • findingId (string) --

    Specify this filter to limit results to tasks that were applied to a specific audit finding.

  • taskStatus (string) --

    Specify this filter to limit results to tasks that are in a specific state.

  • maxResults (integer) --

    The maximum number of results to return at one time. The default is 25.

  • nextToken (string) --

    The token for the next set of results.

  • startTime (datetime) -- [REQUIRED]

    Specify this filter to limit results to tasks that began on or after a specific date and time.

  • endTime (datetime) -- [REQUIRED]

    Specify this filter to limit results to tasks that were completed or canceled on or before a specific date and time.

Return type: dict

Returns

Response Syntax

{
    'tasks': [
        {
            'taskId': 'string',
            'startTime': datetime(2015, 1, 1),
            'taskStatus': 'IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • tasks (list) --

      The collection of audit mitigation tasks that matched the filter criteria.

      • (dict) --

        Information about an audit mitigation actions task that is returned by ListAuditMitigationActionsTasks.

        • taskId (string) --

          The unique identifier for the task.

        • startTime (datetime) --

          The time at which the audit mitigation actions task was started.

        • taskStatus (string) --

          The current state of the audit mitigation actions task.

    • nextToken (string) --

      The token for the next set of results.

ListMitigationActions (new) Link ¶

Gets a list of all mitigation actions that match the specified filter criteria.

See also: AWS API Documentation

Request Syntax

client.list_mitigation_actions(
    actionType='UPDATE_DEVICE_CERTIFICATE'|'UPDATE_CA_CERTIFICATE'|'ADD_THINGS_TO_THING_GROUP'|'REPLACE_DEFAULT_POLICY_VERSION'|'ENABLE_IOT_LOGGING'|'PUBLISH_FINDING_TO_SNS',
    maxResults=123,
    nextToken='string'
)
type actionType

string

param actionType

Specify a value to limit the result to mitigation actions with a specific action type.

type maxResults

integer

param maxResults

The maximum number of results to return at one time. The default is 25.

type nextToken

string

param nextToken

The token for the next set of results.

rtype

dict

returns

Response Syntax

{
    'actionIdentifiers': [
        {
            'actionName': 'string',
            'actionArn': 'string',
            'creationDate': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • actionIdentifiers (list) --

      A set of actions that matched the specified filter criteria.

      • (dict) --

        Information that identifies a mitigation action. This information is returned by ListMitigationActions.

        • actionName (string) --

          The friendly name of the mitigation action.

        • actionArn (string) --

          The IAM role ARN used to apply this mitigation action.

        • creationDate (datetime) --

          The date when this mitigation action was created.

    • nextToken (string) --

      The token for the next set of results.

UpdateMitigationAction (new) Link ¶

Updates the definition for the specified mitigation action.

See also: AWS API Documentation

Request Syntax

client.update_mitigation_action(
    actionName='string',
    roleArn='string',
    actionParams={
        'updateDeviceCertificateParams': {
            'action': 'DEACTIVATE'
        },
        'updateCACertificateParams': {
            'action': 'DEACTIVATE'
        },
        'addThingsToThingGroupParams': {
            'thingGroupNames': [
                'string',
            ],
            'overrideDynamicGroups': True|False
        },
        'replaceDefaultPolicyVersionParams': {
            'templateName': 'BLANK_POLICY'
        },
        'enableIoTLoggingParams': {
            'roleArnForLogging': 'string',
            'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
        },
        'publishFindingToSnsParams': {
            'topicArn': 'string'
        }
    }
)
type actionName

string

param actionName

[REQUIRED]

The friendly name for the mitigation action. You can't change the name by using UpdateMitigationAction. Instead, you must delete and re-create the mitigation action with the new name.

type roleArn

string

param roleArn

The ARN of the IAM role that is used to apply the mitigation action.

type actionParams

dict

param actionParams

Defines the type of action and the parameters for that action.

  • updateDeviceCertificateParams (dict) --

    Parameters to define a mitigation action that changes the state of the device certificate to inactive.

    • action (string) -- [REQUIRED]

      The action that you want to apply to the device certificate. The only supported value is DEACTIVATE.

  • updateCACertificateParams (dict) --

    Parameters to define a mitigation action that changes the state of the CA certificate to inactive.

    • action (string) -- [REQUIRED]

      The action that you want to apply to the CA certificate. The only supported value is DEACTIVATE.

  • addThingsToThingGroupParams (dict) --

    Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.

    • thingGroupNames (list) -- [REQUIRED]

      The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you cannot add a thing to more than one group in the same hierarchy.

      • (string) --

    • overrideDynamicGroups (boolean) --

      Specifies whether this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.

  • replaceDefaultPolicyVersionParams (dict) --

    Parameters to define a mitigation action that adds a blank policy to restrict permissions.

    • templateName (string) -- [REQUIRED]

      The name of the template to be applied. The only supported value is BLANK_POLICY.

  • enableIoTLoggingParams (dict) --

    Parameters to define a mitigation action that enables AWS IoT logging at a specified level of detail.

    • roleArnForLogging (string) -- [REQUIRED]

      The ARN of the IAM role used for logging.

    • logLevel (string) -- [REQUIRED]

      Specifies the types of information to be logged.

  • publishFindingToSnsParams (dict) --

    Parameters to define a mitigation action that publishes findings to Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.

    • topicArn (string) -- [REQUIRED]

      The ARN of the topic to which you want to publish the findings.

rtype

dict

returns

Response Syntax

{
    'actionArn': 'string',
    'actionId': 'string'
}

Response Structure

  • (dict) --

    • actionArn (string) --

      The ARN for the new mitigation action.

    • actionId (string) --

      A unique identifier for the mitigation action.
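The six actionParams blocks documented above are mutually exclusive and several of their fields accept only one value. The following added example (not code from boto3 or AWS) validates an actionParams dict against those documented constraints before it is passed to update_mitigation_action; the key-to-actionType mapping and the two helper names are this example's own assumptions.

```python
ACTION_PARAM_KEYS = {  # request key -> actionType it defines (assumed mapping)
    "updateDeviceCertificateParams": "UPDATE_DEVICE_CERTIFICATE",
    "updateCACertificateParams": "UPDATE_CA_CERTIFICATE",
    "addThingsToThingGroupParams": "ADD_THINGS_TO_THING_GROUP",
    "replaceDefaultPolicyVersionParams": "REPLACE_DEFAULT_POLICY_VERSION",
    "enableIoTLoggingParams": "ENABLE_IOT_LOGGING",
    "publishFindingToSnsParams": "PUBLISH_FINDING_TO_SNS",
}
LOG_LEVELS = {"DEBUG", "INFO", "ERROR", "WARN", "DISABLED"}

def validate_action_params(action_params):
    """Return the actionType that action_params defines, or raise ValueError."""
    unknown = set(action_params) - set(ACTION_PARAM_KEYS)
    if unknown:
        raise ValueError(f"unknown actionParams keys: {sorted(unknown)}")
    if len(action_params) != 1:
        raise ValueError("actionParams must contain exactly one parameter block")
    key, params = next(iter(action_params.items()))
    if key in ("updateDeviceCertificateParams", "updateCACertificateParams"):
        if params.get("action") != "DEACTIVATE":  # the only supported value
            raise ValueError(f"{key}.action must be DEACTIVATE")
    elif key == "addThingsToThingGroupParams":
        groups = params.get("thingGroupNames") or []
        if not 1 <= len(groups) <= 10:  # a thing can be added to at most 10 groups
            raise ValueError("thingGroupNames must list 1 to 10 groups")
        if not isinstance(params.get("overrideDynamicGroups", False), bool):
            raise ValueError("overrideDynamicGroups must be a boolean")
    elif key == "replaceDefaultPolicyVersionParams":
        if params.get("templateName") != "BLANK_POLICY":  # the only supported value
            raise ValueError("templateName must be BLANK_POLICY")
    elif key == "enableIoTLoggingParams":
        if not params.get("roleArnForLogging"):
            raise ValueError("roleArnForLogging is required")
        if params.get("logLevel") not in LOG_LEVELS:
            raise ValueError(f"logLevel must be one of {sorted(LOG_LEVELS)}")
    elif key == "publishFindingToSnsParams" and not params.get("topicArn"):
        raise ValueError("topicArn is required")
    return ACTION_PARAM_KEYS[key]

def action_params_problem(action_params):
    """Return the validation error message, or None when the params are valid."""
    try:
        validate_action_params(action_params)
    except ValueError as exc:
        return str(exc)
    return None
```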

ListAuditFindings (updated) Link ¶

Changes (response)

{'findings': {'findingId': 'string'}}

Lists the findings (results) of a Device Defender audit or of the audits performed during a specified time period. (Findings are retained for 180 days.)

See also: AWS API Documentation

Request Syntax

client.list_audit_findings(
    taskId='string',
    checkName='string',
    resourceIdentifier={
        'deviceCertificateId': 'string',
        'caCertificateId': 'string',
        'cognitoIdentityPoolId': 'string',
        'clientId': 'string',
        'policyVersionIdentifier': {
            'policyName': 'string',
            'policyVersionId': 'string'
        },
        'account': 'string'
    },
    maxResults=123,
    nextToken='string',
    startTime=datetime(2015, 1, 1),
    endTime=datetime(2015, 1, 1)
)
type taskId

string

param taskId

A filter to limit results to the audit with the specified ID. You must specify either the taskId or the startTime and endTime, but not both.

type checkName

string

param checkName

A filter to limit results to the findings for the specified audit check.

type resourceIdentifier

dict

param resourceIdentifier

Information identifying the noncompliant resource.

  • deviceCertificateId (string) --

    The ID of the certificate attached to the resource.

  • caCertificateId (string) --

    The ID of the CA certificate used to authorize the certificate.

  • cognitoIdentityPoolId (string) --

    The ID of the Amazon Cognito identity pool.

  • clientId (string) --

    The client ID.

  • policyVersionIdentifier (dict) --

    The version of the policy associated with the resource.

    • policyName (string) --

      The name of the policy.

    • policyVersionId (string) --

      The ID of the version of the policy associated with the resource.

  • account (string) --

    The account with which the resource is associated.

type maxResults

integer

param maxResults

The maximum number of results to return at one time. The default is 25.

type nextToken

string

param nextToken

The token for the next set of results.

type startTime

datetime

param startTime

A filter to limit results to those found after the specified time. You must specify either the startTime and endTime or the taskId, but not both.

type endTime

datetime

param endTime

A filter to limit results to those found before the specified time. You must specify either the startTime and endTime or the taskId, but not both.

rtype

dict

returns

Response Syntax

{
    'findings': [
        {
            'findingId': 'string',
            'taskId': 'string',
            'checkName': 'string',
            'taskStartTime': datetime(2015, 1, 1),
            'findingTime': datetime(2015, 1, 1),
            'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW',
            'nonCompliantResource': {
                'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS',
                'resourceIdentifier': {
                    'deviceCertificateId': 'string',
                    'caCertificateId': 'string',
                    'cognitoIdentityPoolId': 'string',
                    'clientId': 'string',
                    'policyVersionIdentifier': {
                        'policyName': 'string',
                        'policyVersionId': 'string'
                    },
                    'account': 'string'
                },
                'additionalInfo': {
                    'string': 'string'
                }
            },
            'relatedResources': [
                {
                    'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS',
                    'resourceIdentifier': {
                        'deviceCertificateId': 'string',
                        'caCertificateId': 'string',
                        'cognitoIdentityPoolId': 'string',
                        'clientId': 'string',
                        'policyVersionIdentifier': {
                            'policyName': 'string',
                            'policyVersionId': 'string'
                        },
                        'account': 'string'
                    },
                    'additionalInfo': {
                        'string': 'string'
                    }
                },
            ],
            'reasonForNonCompliance': 'string',
            'reasonForNonComplianceCode': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • findings (list) --

      The findings (results) of the audit.

      • (dict) --

        The findings (results) of the audit.

        • findingId (string) --

          A unique identifier for this set of audit findings. This identifier is used to apply mitigation tasks to one or more sets of findings.

        • taskId (string) --

          The ID of the audit that generated this result (finding).

        • checkName (string) --

          The audit check that generated this result.

        • taskStartTime (datetime) --

          The time the audit started.

        • findingTime (datetime) --

          The time the result (finding) was discovered.

        • severity (string) --

          The severity of the result (finding).

        • nonCompliantResource (dict) --

          The resource that was found to be noncompliant with the audit check.

          • resourceType (string) --

            The type of the noncompliant resource.

          • resourceIdentifier (dict) --

            Information that identifies the noncompliant resource.

            • deviceCertificateId (string) --

              The ID of the certificate attached to the resource.

            • caCertificateId (string) --

              The ID of the CA certificate used to authorize the certificate.

            • cognitoIdentityPoolId (string) --

              The ID of the Amazon Cognito identity pool.

            • clientId (string) --

              The client ID.

            • policyVersionIdentifier (dict) --

              The version of the policy associated with the resource.

              • policyName (string) --

                The name of the policy.

              • policyVersionId (string) --

                The ID of the version of the policy associated with the resource.

            • account (string) --

              The account with which the resource is associated.

          • additionalInfo (dict) --

            Other information about the noncompliant resource.

            • (string) --

              • (string) --

        • relatedResources (list) --

          The list of related resources.

          • (dict) --

            Information about a related resource.

            • resourceType (string) --

              The type of resource.

            • resourceIdentifier (dict) --

              Information that identifies the resource.

              • deviceCertificateId (string) --

                The ID of the certificate attached to the resource.

              • caCertificateId (string) --

                The ID of the CA certificate used to authorize the certificate.

              • cognitoIdentityPoolId (string) --

                The ID of the Amazon Cognito identity pool.

              • clientId (string) --

                The client ID.

              • policyVersionIdentifier (dict) --

                The version of the policy associated with the resource.

                • policyName (string) --

                  The name of the policy.

                • policyVersionId (string) --

                  The ID of the version of the policy associated with the resource.

              • account (string) --

                The account with which the resource is associated.

            • additionalInfo (dict) --

              Other information about the resource.

              • (string) --

                • (string) --

        • reasonForNonCompliance (string) --

          The reason the resource was noncompliant.

        • reasonForNonComplianceCode (string) --

          A code that indicates the reason that the resource was noncompliant.

    • nextToken (string) --

      A token that can be used to retrieve the next set of results, or null if there are no additional results.
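An added example, not from the boto3 reference, of consuming list_audit_findings as documented above: it enforces the rule that you pass either taskId or both startTime and endTime, follows nextToken until the last page, and collects, per audit check, the findingIds of the most severe findings (the identifiers the text says are used to apply mitigation tasks). FakeIoTClient, SAMPLE_FINDINGS and the check names in it are constructed stand-ins for a real boto3 client and real audit data.

```python
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

SAMPLE_FINDINGS = [  # constructed sample data; IDs are placeholders, not real values
    {"findingId": "f-0001", "checkName": "DEVICE_CERTIFICATE_EXPIRING_CHECK", "severity": "MEDIUM"},
    {"findingId": "f-0002", "checkName": "IOT_POLICY_OVERLY_PERMISSIVE_CHECK", "severity": "CRITICAL"},
    {"findingId": "f-0003", "checkName": "DEVICE_CERTIFICATE_SHARED_CHECK", "severity": "HIGH"},
    {"findingId": "f-0004", "checkName": "IOT_POLICY_OVERLY_PERMISSIVE_CHECK", "severity": "HIGH"},
    {"findingId": "f-0005", "checkName": "LOGGING_DISABLED_CHECK", "severity": "LOW"},
]

class FakeIoTClient:
    """Constructed stand-in for boto3's IoT client: pages through a fixed list."""
    def __init__(self, findings):
        self._findings = findings
    def list_audit_findings(self, **kwargs):
        start = int(kwargs.get("nextToken", 0))
        end = start + kwargs.get("maxResults", 25)
        page = {"findings": self._findings[start:end]}
        if end < len(self._findings):
            page["nextToken"] = str(end)  # real tokens are opaque strings
        return page

def iter_audit_findings(client, task_id=None, start_time=None, end_time=None, page_size=25):
    """Yield every finding, following nextToken until the last page."""
    # Documented rule: pass taskId, or startTime and endTime, but not both.
    have_range = start_time is not None and end_time is not None
    if (task_id is None) == (not have_range):
        raise ValueError("specify taskId or startTime and endTime, not both")
    kwargs = {"maxResults": page_size}
    if task_id is not None:
        kwargs["taskId"] = task_id
    else:
        kwargs.update(startTime=start_time, endTime=end_time)
    while True:
        page = client.list_audit_findings(**kwargs)
        yield from page.get("findings", [])
        token = page.get("nextToken")
        if not token:  # absent or null token: no further pages
            return
        kwargs["nextToken"] = token

def findings_to_mitigate(client, min_severity="HIGH", **filters):
    """Map checkName -> [findingId, ...] for findings at or above min_severity."""
    cutoff = SEVERITY_RANK[min_severity]
    selected = {}
    for finding in iter_audit_findings(client, **filters):
        if SEVERITY_RANK.get(finding["severity"], 99) <= cutoff:
            selected.setdefault(finding["checkName"], []).append(finding["findingId"])
    return selected
```

With a real boto3 client the same functions work unchanged, because they only call list_audit_findings with the documented keyword arguments.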