AccountAuditConfiguration ​
The AccountAuditConfiguration resource allows you to manage the audit configuration for AWS IoT, enabling you to set up and monitor security checks. You can find more information in the AWS IoT AccountAuditConfigurations documentation.
Minimal Example ​
Create a basic AccountAuditConfiguration with required properties and a common optional configuration for audit notifications.
ts
import AWS from "alchemy/aws/control";
const basicAuditConfig = await AWS.IoT.AccountAuditConfiguration("BasicAuditConfig", {
AccountId: "123456789012",
AuditCheckConfigurations: {
"Cognito": {
"enabled": true
},
"IotPolicy": {
"enabled": true
}
},
RoleArn: "arn:aws:iam::123456789012:role/service-role/AWSIoTAuditRole",
AuditNotificationTargetConfigurations: {
"SNS": {
"enabled": true,
"targetArn": "arn:aws:sns:us-east-1:123456789012:IoTAuditNotifications"
}
}
});Advanced Configuration ​
Configure additional audit checks and notification targets to enhance your security posture.
ts
const advancedAuditConfig = await AWS.IoT.AccountAuditConfiguration("AdvancedAuditConfig", {
AccountId: "123456789012",
AuditCheckConfigurations: {
"Cognito": {
"enabled": true
},
"IotPolicy": {
"enabled": true
},
"CaCertificate": {
"enabled": true
},
"DeviceCertificate": {
"enabled": false
}
},
RoleArn: "arn:aws:iam::123456789012:role/service-role/AWSIoTAuditRole",
AuditNotificationTargetConfigurations: {
"SNS": {
"enabled": true,
"targetArn": "arn:aws:sns:us-east-1:123456789012:IoTAuditNotifications"
},
"SQS": {
"enabled": true,
"targetArn": "arn:aws:sqs:us-east-1:123456789012:IoTAuditQueue"
}
}
});Custom Role Configuration ​
Set up a custom IAM role for the AccountAuditConfiguration to specify permissions more granularly.
ts
const customRoleAuditConfig = await AWS.IoT.AccountAuditConfiguration("CustomRoleAuditConfig", {
AccountId: "123456789012",
AuditCheckConfigurations: {
"IotPolicy": {
"enabled": true
},
"CaCertificate": {
"enabled": true
}
},
RoleArn: "arn:aws:iam::123456789012:role/custom/AWSIoTCustomAuditRole"
});