2022/11/11 - AWS IoT - 1 new 7 updated api methods
Changes This release add new api listRelatedResourcesForAuditFinding and new member type IssuerCertificates for Iot device device defender Audit.
The related resources of an Audit finding. The following resources can be returned from calling this API:
DEVICE_CERTIFICATE
CA_CERTIFICATE
IOT_POLICY
COGNITO_IDENTITY_POOL
CLIENT_ID
ACCOUNT_SETTINGS
ROLE_ALIAS
IAM_ROLE
ISSUER_CERTIFICATE
Note
This API is similar to DescribeAuditFinding's RelatedResources but provides pagination and is not limited to 10 resources. When calling DescribeAuditFinding for the intermediate CA revoked for active device certificates check, RelatedResources will not be populated. You must use this API, ListRelatedResourcesForAuditFinding, to list the certificates.
See also: AWS API Documentation
Request Syntax
client.list_related_resources_for_audit_finding(
findingId='string',
nextToken='string',
maxResults=123
)
string
[REQUIRED]
The finding Id.
string
A token that can be used to retrieve the next set of results, or null if there are no additional results.
integer
The maximum number of results to return at one time.
dict
Response Syntax
{
'relatedResources': [
{
'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE'|'ISSUER_CERTIFICATE',
'resourceIdentifier': {
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string',
'issuerCertificateIdentifier': {
'issuerCertificateSubject': 'string',
'issuerId': 'string',
'issuerCertificateSerialNumber': 'string'
},
'deviceCertificateArn': 'string'
},
'additionalInfo': {
'string': 'string'
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
relatedResources (list) --
The related resources.
(dict) --
Information about a related resource.
resourceType (string) --
The type of resource.
resourceIdentifier (dict) --
Information that identifies the resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
issuerCertificateIdentifier (dict) --
The issuer certificate identifier.
issuerCertificateSubject (string) --
The subject of the issuer certificate.
issuerId (string) --
The issuer ID.
issuerCertificateSerialNumber (string) --
The issuer certificate serial number.
deviceCertificateArn (string) --
The ARN of the identified device certificate.
additionalInfo (dict) --
Other information about the resource.
(string) --
(string) --
nextToken (string) --
A token that can be used to retrieve the next set of results, or null for the first API call.
{'resourceIdentifier': {'deviceCertificateArn': 'string',
'issuerCertificateIdentifier': {'issuerCertificateSerialNumber': 'string',
'issuerCertificateSubject': 'string',
'issuerId': 'string'}}}
Creates a Device Defender audit suppression.
Requires permission to access the CreateAuditSuppression action.
See also: AWS API Documentation
Request Syntax
client.create_audit_suppression(
checkName='string',
resourceIdentifier={
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string',
'issuerCertificateIdentifier': {
'issuerCertificateSubject': 'string',
'issuerId': 'string',
'issuerCertificateSerialNumber': 'string'
},
'deviceCertificateArn': 'string'
},
expirationDate=datetime(2015, 1, 1),
suppressIndefinitely=True|False,
description='string',
clientRequestToken='string'
)
string
[REQUIRED]
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
dict
[REQUIRED]
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
issuerCertificateIdentifier (dict) --
The issuer certificate identifier.
issuerCertificateSubject (string) --
The subject of the issuer certificate.
issuerId (string) --
The issuer ID.
issuerCertificateSerialNumber (string) --
The issuer certificate serial number.
deviceCertificateArn (string) --
The ARN of the identified device certificate.
datetime
The epoch timestamp in seconds at which this suppression expires.
boolean
Indicates whether a suppression should exist indefinitely or not.
string
The description of the audit suppression.
string
[REQUIRED]
Each audit supression must have a unique client request token. If you try to create a new audit suppression with the same token as one that already exists, an exception occurs. If you omit this value, Amazon Web Services SDKs will automatically generate a unique client request.
This field is autopopulated if not provided.
dict
Response Syntax
{}
Response Structure
(dict) --
{'resourceIdentifier': {'deviceCertificateArn': 'string',
'issuerCertificateIdentifier': {'issuerCertificateSerialNumber': 'string',
'issuerCertificateSubject': 'string',
'issuerId': 'string'}}}
Deletes a Device Defender audit suppression.
Requires permission to access the DeleteAuditSuppression action.
See also: AWS API Documentation
Request Syntax
client.delete_audit_suppression(
checkName='string',
resourceIdentifier={
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string',
'issuerCertificateIdentifier': {
'issuerCertificateSubject': 'string',
'issuerId': 'string',
'issuerCertificateSerialNumber': 'string'
},
'deviceCertificateArn': 'string'
}
)
string
[REQUIRED]
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
dict
[REQUIRED]
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
issuerCertificateIdentifier (dict) --
The issuer certificate identifier.
issuerCertificateSubject (string) --
The subject of the issuer certificate.
issuerId (string) --
The issuer ID.
issuerCertificateSerialNumber (string) --
The issuer certificate serial number.
deviceCertificateArn (string) --
The ARN of the identified device certificate.
dict
Response Syntax
{}
Response Structure
(dict) --
{'finding': {'nonCompliantResource': {'resourceIdentifier': {'deviceCertificateArn': 'string',
'issuerCertificateIdentifier': {'issuerCertificateSerialNumber': 'string',
'issuerCertificateSubject': 'string',
'issuerId': 'string'}},
'resourceType': {'ISSUER_CERTIFICATE'}},
'relatedResources': {'resourceIdentifier': {'deviceCertificateArn': 'string',
'issuerCertificateIdentifier': {'issuerCertificateSerialNumber': 'string',
'issuerCertificateSubject': 'string',
'issuerId': 'string'}},
'resourceType': {'ISSUER_CERTIFICATE'}}}}
Gets information about a single audit finding. Properties include the reason for noncompliance, the severity of the issue, and the start time when the audit that returned the finding.
Requires permission to access the DescribeAuditFinding action.
See also: AWS API Documentation
Request Syntax
client.describe_audit_finding(
findingId='string'
)
string
[REQUIRED]
A unique identifier for a single audit finding. You can use this identifier to apply mitigation actions to the finding.
dict
Response Syntax
{
'finding': {
'findingId': 'string',
'taskId': 'string',
'checkName': 'string',
'taskStartTime': datetime(2015, 1, 1),
'findingTime': datetime(2015, 1, 1),
'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW',
'nonCompliantResource': {
'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE'|'ISSUER_CERTIFICATE',
'resourceIdentifier': {
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string',
'issuerCertificateIdentifier': {
'issuerCertificateSubject': 'string',
'issuerId': 'string',
'issuerCertificateSerialNumber': 'string'
},
'deviceCertificateArn': 'string'
},
'additionalInfo': {
'string': 'string'
}
},
'relatedResources': [
{
'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE'|'ISSUER_CERTIFICATE',
'resourceIdentifier': {
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string',
'issuerCertificateIdentifier': {
'issuerCertificateSubject': 'string',
'issuerId': 'string',
'issuerCertificateSerialNumber': 'string'
},
'deviceCertificateArn': 'string'
},
'additionalInfo': {
'string': 'string'
}
},
],
'reasonForNonCompliance': 'string',
'reasonForNonComplianceCode': 'string',
'isSuppressed': True|False
}
}
Response Structure
(dict) --
finding (dict) --
The findings (results) of the audit.
findingId (string) --
A unique identifier for this set of audit findings. This identifier is used to apply mitigation tasks to one or more sets of findings.
taskId (string) --
The ID of the audit that generated this result (finding).
checkName (string) --
The audit check that generated this result.
taskStartTime (datetime) --
The time the audit started.
findingTime (datetime) --
The time the result (finding) was discovered.
severity (string) --
The severity of the result (finding).
nonCompliantResource (dict) --
The resource that was found to be noncompliant with the audit check.
resourceType (string) --
The type of the noncompliant resource.
resourceIdentifier (dict) --
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
issuerCertificateIdentifier (dict) --
The issuer certificate identifier.
issuerCertificateSubject (string) --
The subject of the issuer certificate.
issuerId (string) --
The issuer ID.
issuerCertificateSerialNumber (string) --
The issuer certificate serial number.
deviceCertificateArn (string) --
The ARN of the identified device certificate.
additionalInfo (dict) --
Other information about the noncompliant resource.
(string) --
(string) --
relatedResources (list) --
The list of related resources.
(dict) --
Information about a related resource.
resourceType (string) --
The type of resource.
resourceIdentifier (dict) --
Information that identifies the resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
issuerCertificateIdentifier (dict) --
The issuer certificate identifier.
issuerCertificateSubject (string) --
The subject of the issuer certificate.
issuerId (string) --
The issuer ID.
issuerCertificateSerialNumber (string) --
The issuer certificate serial number.
deviceCertificateArn (string) --
The ARN of the identified device certificate.
additionalInfo (dict) --
Other information about the resource.
(string) --
(string) --
reasonForNonCompliance (string) --
The reason the resource was noncompliant.
reasonForNonComplianceCode (string) --
A code that indicates the reason that the resource was noncompliant.
isSuppressed (boolean) --
Indicates whether the audit finding was suppressed or not during reporting.
{'resourceIdentifier': {'deviceCertificateArn': 'string',
'issuerCertificateIdentifier': {'issuerCertificateSerialNumber': 'string',
'issuerCertificateSubject': 'string',
'issuerId': 'string'}}}
Gets information about a Device Defender audit suppression.
See also: AWS API Documentation
Request Syntax
client.describe_audit_suppression(
checkName='string',
resourceIdentifier={
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string',
'issuerCertificateIdentifier': {
'issuerCertificateSubject': 'string',
'issuerId': 'string',
'issuerCertificateSerialNumber': 'string'
},
'deviceCertificateArn': 'string'
}
)
string
[REQUIRED]
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
dict
[REQUIRED]
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
issuerCertificateIdentifier (dict) --
The issuer certificate identifier.
issuerCertificateSubject (string) --
The subject of the issuer certificate.
issuerId (string) --
The issuer ID.
issuerCertificateSerialNumber (string) --
The issuer certificate serial number.
deviceCertificateArn (string) --
The ARN of the identified device certificate.
dict
Response Syntax
{
'checkName': 'string',
'resourceIdentifier': {
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string',
'issuerCertificateIdentifier': {
'issuerCertificateSubject': 'string',
'issuerId': 'string',
'issuerCertificateSerialNumber': 'string'
},
'deviceCertificateArn': 'string'
},
'expirationDate': datetime(2015, 1, 1),
'suppressIndefinitely': True|False,
'description': 'string'
}
Response Structure
(dict) --
checkName (string) --
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
resourceIdentifier (dict) --
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
issuerCertificateIdentifier (dict) --
The issuer certificate identifier.
issuerCertificateSubject (string) --
The subject of the issuer certificate.
issuerId (string) --
The issuer ID.
issuerCertificateSerialNumber (string) --
The issuer certificate serial number.
deviceCertificateArn (string) --
The ARN of the identified device certificate.
expirationDate (datetime) --
The epoch timestamp in seconds at which this suppression expires.
suppressIndefinitely (boolean) --
Indicates whether a suppression should exist indefinitely or not.
description (string) --
The description of the audit suppression.
{'resourceIdentifier': {'deviceCertificateArn': 'string',
'issuerCertificateIdentifier': {'issuerCertificateSerialNumber': 'string',
'issuerCertificateSubject': 'string',
'issuerId': 'string'}}}
Response {'findings': {'nonCompliantResource': {'resourceIdentifier': {'deviceCertificateArn': 'string',
'issuerCertificateIdentifier': {'issuerCertificateSerialNumber': 'string',
'issuerCertificateSubject': 'string',
'issuerId': 'string'}},
'resourceType': {'ISSUER_CERTIFICATE'}},
'relatedResources': {'resourceIdentifier': {'deviceCertificateArn': 'string',
'issuerCertificateIdentifier': {'issuerCertificateSerialNumber': 'string',
'issuerCertificateSubject': 'string',
'issuerId': 'string'}},
'resourceType': {'ISSUER_CERTIFICATE'}}}}
Lists the findings (results) of a Device Defender audit or of the audits performed during a specified time period. (Findings are retained for 90 days.)
Requires permission to access the ListAuditFindings action.
See also: AWS API Documentation
Request Syntax
client.list_audit_findings(
taskId='string',
checkName='string',
resourceIdentifier={
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string',
'issuerCertificateIdentifier': {
'issuerCertificateSubject': 'string',
'issuerId': 'string',
'issuerCertificateSerialNumber': 'string'
},
'deviceCertificateArn': 'string'
},
maxResults=123,
nextToken='string',
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1),
listSuppressedFindings=True|False
)
string
A filter to limit results to the audit with the specified ID. You must specify either the taskId or the startTime and endTime, but not both.
string
A filter to limit results to the findings for the specified audit check.
dict
Information identifying the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
issuerCertificateIdentifier (dict) --
The issuer certificate identifier.
issuerCertificateSubject (string) --
The subject of the issuer certificate.
issuerId (string) --
The issuer ID.
issuerCertificateSerialNumber (string) --
The issuer certificate serial number.
deviceCertificateArn (string) --
The ARN of the identified device certificate.
integer
The maximum number of results to return at one time. The default is 25.
string
The token for the next set of results.
datetime
A filter to limit results to those found after the specified time. You must specify either the startTime and endTime or the taskId, but not both.
datetime
A filter to limit results to those found before the specified time. You must specify either the startTime and endTime or the taskId, but not both.
boolean
Boolean flag indicating whether only the suppressed findings or the unsuppressed findings should be listed. If this parameter isn't provided, the response will list both suppressed and unsuppressed findings.
dict
Response Syntax
{
'findings': [
{
'findingId': 'string',
'taskId': 'string',
'checkName': 'string',
'taskStartTime': datetime(2015, 1, 1),
'findingTime': datetime(2015, 1, 1),
'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW',
'nonCompliantResource': {
'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE'|'ISSUER_CERTIFICATE',
'resourceIdentifier': {
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string',
'issuerCertificateIdentifier': {
'issuerCertificateSubject': 'string',
'issuerId': 'string',
'issuerCertificateSerialNumber': 'string'
},
'deviceCertificateArn': 'string'
},
'additionalInfo': {
'string': 'string'
}
},
'relatedResources': [
{
'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE'|'ISSUER_CERTIFICATE',
'resourceIdentifier': {
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string',
'issuerCertificateIdentifier': {
'issuerCertificateSubject': 'string',
'issuerId': 'string',
'issuerCertificateSerialNumber': 'string'
},
'deviceCertificateArn': 'string'
},
'additionalInfo': {
'string': 'string'
}
},
],
'reasonForNonCompliance': 'string',
'reasonForNonComplianceCode': 'string',
'isSuppressed': True|False
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
findings (list) --
The findings (results) of the audit.
(dict) --
The findings (results) of the audit.
findingId (string) --
A unique identifier for this set of audit findings. This identifier is used to apply mitigation tasks to one or more sets of findings.
taskId (string) --
The ID of the audit that generated this result (finding).
checkName (string) --
The audit check that generated this result.
taskStartTime (datetime) --
The time the audit started.
findingTime (datetime) --
The time the result (finding) was discovered.
severity (string) --
The severity of the result (finding).
nonCompliantResource (dict) --
The resource that was found to be noncompliant with the audit check.
resourceType (string) --
The type of the noncompliant resource.
resourceIdentifier (dict) --
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
issuerCertificateIdentifier (dict) --
The issuer certificate identifier.
issuerCertificateSubject (string) --
The subject of the issuer certificate.
issuerId (string) --
The issuer ID.
issuerCertificateSerialNumber (string) --
The issuer certificate serial number.
deviceCertificateArn (string) --
The ARN of the identified device certificate.
additionalInfo (dict) --
Other information about the noncompliant resource.
(string) --
(string) --
relatedResources (list) --
The list of related resources.
(dict) --
Information about a related resource.
resourceType (string) --
The type of resource.
resourceIdentifier (dict) --
Information that identifies the resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
issuerCertificateIdentifier (dict) --
The issuer certificate identifier.
issuerCertificateSubject (string) --
The subject of the issuer certificate.
issuerId (string) --
The issuer ID.
issuerCertificateSerialNumber (string) --
The issuer certificate serial number.
deviceCertificateArn (string) --
The ARN of the identified device certificate.
additionalInfo (dict) --
Other information about the resource.
(string) --
(string) --
reasonForNonCompliance (string) --
The reason the resource was noncompliant.
reasonForNonComplianceCode (string) --
A code that indicates the reason that the resource was noncompliant.
isSuppressed (boolean) --
Indicates whether the audit finding was suppressed or not during reporting.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
{'resourceIdentifier': {'deviceCertificateArn': 'string',
'issuerCertificateIdentifier': {'issuerCertificateSerialNumber': 'string',
'issuerCertificateSubject': 'string',
'issuerId': 'string'}}}
Response {'suppressions': {'resourceIdentifier': {'deviceCertificateArn': 'string',
'issuerCertificateIdentifier': {'issuerCertificateSerialNumber': 'string',
'issuerCertificateSubject': 'string',
'issuerId': 'string'}}}}
Lists your Device Defender audit listings.
Requires permission to access the ListAuditSuppressions action.
See also: AWS API Documentation
Request Syntax
client.list_audit_suppressions(
checkName='string',
resourceIdentifier={
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string',
'issuerCertificateIdentifier': {
'issuerCertificateSubject': 'string',
'issuerId': 'string',
'issuerCertificateSerialNumber': 'string'
},
'deviceCertificateArn': 'string'
},
ascendingOrder=True|False,
nextToken='string',
maxResults=123
)
string
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
dict
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
issuerCertificateIdentifier (dict) --
The issuer certificate identifier.
issuerCertificateSubject (string) --
The subject of the issuer certificate.
issuerId (string) --
The issuer ID.
issuerCertificateSerialNumber (string) --
The issuer certificate serial number.
deviceCertificateArn (string) --
The ARN of the identified device certificate.
boolean
Determines whether suppressions are listed in ascending order by expiration date or not. If parameter isn't provided, ascendingOrder=true .
string
The token for the next set of results.
integer
The maximum number of results to return at one time. The default is 25.
dict
Response Syntax
{
'suppressions': [
{
'checkName': 'string',
'resourceIdentifier': {
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string',
'issuerCertificateIdentifier': {
'issuerCertificateSubject': 'string',
'issuerId': 'string',
'issuerCertificateSerialNumber': 'string'
},
'deviceCertificateArn': 'string'
},
'expirationDate': datetime(2015, 1, 1),
'suppressIndefinitely': True|False,
'description': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
suppressions (list) --
List of audit suppressions.
(dict) --
Filters out specific findings of a Device Defender audit.
checkName (string) --
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
resourceIdentifier (dict) --
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
issuerCertificateIdentifier (dict) --
The issuer certificate identifier.
issuerCertificateSubject (string) --
The subject of the issuer certificate.
issuerId (string) --
The issuer ID.
issuerCertificateSerialNumber (string) --
The issuer certificate serial number.
deviceCertificateArn (string) --
The ARN of the identified device certificate.
expirationDate (datetime) --
The expiration date (epoch timestamp in seconds) that you want the suppression to adhere to.
suppressIndefinitely (boolean) --
Indicates whether a suppression should exist indefinitely or not.
description (string) --
The description of the audit suppression.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
{'resourceIdentifier': {'deviceCertificateArn': 'string',
'issuerCertificateIdentifier': {'issuerCertificateSerialNumber': 'string',
'issuerCertificateSubject': 'string',
'issuerId': 'string'}}}
Updates a Device Defender audit suppression.
See also: AWS API Documentation
Request Syntax
client.update_audit_suppression(
checkName='string',
resourceIdentifier={
'deviceCertificateId': 'string',
'caCertificateId': 'string',
'cognitoIdentityPoolId': 'string',
'clientId': 'string',
'policyVersionIdentifier': {
'policyName': 'string',
'policyVersionId': 'string'
},
'account': 'string',
'iamRoleArn': 'string',
'roleAliasArn': 'string',
'issuerCertificateIdentifier': {
'issuerCertificateSubject': 'string',
'issuerId': 'string',
'issuerCertificateSerialNumber': 'string'
},
'deviceCertificateArn': 'string'
},
expirationDate=datetime(2015, 1, 1),
suppressIndefinitely=True|False,
description='string'
)
string
[REQUIRED]
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
dict
[REQUIRED]
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
issuerCertificateIdentifier (dict) --
The issuer certificate identifier.
issuerCertificateSubject (string) --
The subject of the issuer certificate.
issuerId (string) --
The issuer ID.
issuerCertificateSerialNumber (string) --
The issuer certificate serial number.
deviceCertificateArn (string) --
The ARN of the identified device certificate.
datetime
The expiration date (epoch timestamp in seconds) that you want the suppression to adhere to.
boolean
Indicates whether a suppression should exist indefinitely or not.
string
The description of the audit suppression.
dict
Response Syntax
{}
Response Structure
(dict) --