SecurityProfile

Learn how to create, update, and manage AWS IoT SecurityProfiles using Alchemy Cloud Control.

The SecurityProfile resource lets you manage AWS IoT SecurityProfiles for monitoring and controlling the security aspects of your IoT devices.

Minimal Example

Create a basic IoT SecurityProfile with essential properties and one optional property for additional metrics.

import AWS from "alchemy/aws/control";

const basicSecurityProfile = await AWS.IoT.SecurityProfile("basicSecurityProfile", {
  securityProfileName: "BasicSecurityProfile",
  securityProfileDescription: "A simple security profile for basic monitoring.",
  behaviors: [{
    metric: "mqtt.broker.bytes",
    operator: "greater-than",
    threshold: 1000,
    durationSeconds: 60
  }],
  additionalMetricsToRetainV2: [{
    metric: "mqtt.broker.bytes",
    metricType: "average",
    statistic: "Average"
  }]
});

Advanced Configuration

Configure a SecurityProfile with multiple behaviors and alert targets for comprehensive monitoring.

const advancedSecurityProfile = await AWS.IoT.SecurityProfile("advancedSecurityProfile", {
  securityProfileName: "AdvancedSecurityProfile",
  securityProfileDescription: "An advanced security profile with multiple behaviors.",
  behaviors: [{
    metric: "iot.device.connection",
    operator: "greater-than",
    threshold: 5,
    durationSeconds: 300
  }, {
    metric: "iot.device.error",
    operator: "greater-than",
    threshold: 1,
    durationSeconds: 60
  }],
  alertTargets: {
    "sns": {
      targetArn: "arn:aws:sns:us-west-2:123456789012:SecurityAlerts",
      roleArn: "arn:aws:iam::123456789012:role/SecurityProfileAlerts"
    }
  }
});

Monitoring with Metrics Export

Set up an IoT SecurityProfile that exports metrics for detailed analysis.

const metricsExportSecurityProfile = await AWS.IoT.SecurityProfile("metricsExportSecurityProfile", {
  securityProfileName: "MetricsExportSecurityProfile",
  securityProfileDescription: "Security profile with metrics export configuration.",
  behaviors: [{
    metric: "iot.device.connection",
    operator: "greater-than",
    threshold: 5,
    durationSeconds: 300
  }],
  metricsExportConfig: {
    roleArn: "arn:aws:iam::123456789012:role/ExportMetricsRole",
    metricTypes: ["total", "average"]
  }
});

Tagging for Organization

Create a SecurityProfile with tags for better resource organization and management.

const taggedSecurityProfile = await AWS.IoT.SecurityProfile("taggedSecurityProfile", {
  securityProfileName: "TaggedSecurityProfile",
  securityProfileDescription: "Security profile with tags for better organization.",
  tags: [{
    key: "Environment",
    value: "Production"
  }, {
    key: "Owner",
    value: "DevOps Team"
  }]
});