2020/08/12 - AWS IoT - 5 new 3 updated api methods
Changes: Audit finding suppressions. Device Defender enables customers to turn off non-compliant findings for specific resources on a per-check basis.
Creates a Device Defender audit suppression.
See also: AWS API Documentation
Request Syntax
client.create_audit_suppression( checkName='string', resourceIdentifier={ 'deviceCertificateId': 'string', 'caCertificateId': 'string', 'cognitoIdentityPoolId': 'string', 'clientId': 'string', 'policyVersionIdentifier': { 'policyName': 'string', 'policyVersionId': 'string' }, 'account': 'string', 'iamRoleArn': 'string', 'roleAliasArn': 'string' }, expirationDate=datetime(2015, 1, 1), suppressIndefinitely=True|False, description='string', clientRequestToken='string' )
checkName (string) --
[REQUIRED]
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
resourceIdentifier (dict) --
[REQUIRED]
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
expirationDate (datetime) --
The epoch timestamp in seconds at which this suppression expires.
suppressIndefinitely (boolean) --
Indicates whether a suppression should exist indefinitely or not.
description (string) --
The description of the audit suppression.
clientRequestToken (string) --
[REQUIRED]
The epoch timestamp in seconds at which this suppression expires.
This field is autopopulated if not provided.
dict
Response Syntax
{}
Response Structure
(dict) --
Gets information about a Device Defender audit suppression.
Request Syntax
client.describe_audit_suppression( checkName='string', resourceIdentifier={ 'deviceCertificateId': 'string', 'caCertificateId': 'string', 'cognitoIdentityPoolId': 'string', 'clientId': 'string', 'policyVersionIdentifier': { 'policyName': 'string', 'policyVersionId': 'string' }, 'account': 'string', 'iamRoleArn': 'string', 'roleAliasArn': 'string' } )
checkName (string) --
[REQUIRED]
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
resourceIdentifier (dict) --
[REQUIRED]
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
dict
Response Syntax
{ 'checkName': 'string', 'resourceIdentifier': { 'deviceCertificateId': 'string', 'caCertificateId': 'string', 'cognitoIdentityPoolId': 'string', 'clientId': 'string', 'policyVersionIdentifier': { 'policyName': 'string', 'policyVersionId': 'string' }, 'account': 'string', 'iamRoleArn': 'string', 'roleAliasArn': 'string' }, 'expirationDate': datetime(2015, 1, 1), 'suppressIndefinitely': True|False, 'description': 'string' }
Response Structure
(dict) --
checkName (string) --
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
resourceIdentifier (dict) --
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
expirationDate (datetime) --
The epoch timestamp in seconds at which this suppression expires.
suppressIndefinitely (boolean) --
Indicates whether a suppression should exist indefinitely or not.
description (string) --
The description of the audit suppression.
Lists your Device Defender audit suppressions.
Request Syntax
client.list_audit_suppressions( checkName='string', resourceIdentifier={ 'deviceCertificateId': 'string', 'caCertificateId': 'string', 'cognitoIdentityPoolId': 'string', 'clientId': 'string', 'policyVersionIdentifier': { 'policyName': 'string', 'policyVersionId': 'string' }, 'account': 'string', 'iamRoleArn': 'string', 'roleAliasArn': 'string' }, ascendingOrder=True|False, nextToken='string', maxResults=123 )
checkName (string) --
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
resourceIdentifier (dict) --
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
ascendingOrder (boolean) --
Determines whether suppressions are listed in ascending order by expiration date or not. If the parameter isn't provided, ascendingOrder=true.
nextToken (string) --
The token for the next set of results.
maxResults (integer) --
The maximum number of results to return at one time. The default is 25.
dict
Response Syntax
{ 'suppressions': [ { 'checkName': 'string', 'resourceIdentifier': { 'deviceCertificateId': 'string', 'caCertificateId': 'string', 'cognitoIdentityPoolId': 'string', 'clientId': 'string', 'policyVersionIdentifier': { 'policyName': 'string', 'policyVersionId': 'string' }, 'account': 'string', 'iamRoleArn': 'string', 'roleAliasArn': 'string' }, 'expirationDate': datetime(2015, 1, 1), 'suppressIndefinitely': True|False, 'description': 'string' }, ], 'nextToken': 'string' }
Response Structure
(dict) --
suppressions (list) --
List of audit suppressions.
(dict) --
Filters out specific findings of a Device Defender audit.
checkName (string) --
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
resourceIdentifier (dict) --
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
expirationDate (datetime) --
The expiration date (epoch timestamp in seconds) that you want the suppression to adhere to.
suppressIndefinitely (boolean) --
Indicates whether a suppression should exist indefinitely or not.
description (string) --
The description of the audit suppression.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
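A review pass over these records, as an added example that is not part of the AWS documentation: it follows nextToken through list_audit_suppressions and flags suppressions that never expire, expire far in the future, or carry no description. StubIoTClient, the 90-day threshold, the check names and all sample records are constructed for illustration; pass boto3.client('iot') in real use.

```python
from datetime import datetime, timedelta, timezone


def iter_audit_suppressions(client, **filters):
    """Yield every suppression, following nextToken until none is returned."""
    kwargs = dict(filters)
    while True:
        page = client.list_audit_suppressions(**kwargs)
        yield from page.get("suppressions", [])
        token = page.get("nextToken")
        if not token:
            return
        kwargs["nextToken"] = token


def review_suppressions(client, now=None, max_days=90):
    """Return (suppression, reasons) pairs that deserve a second look.

    max_days is an assumed review threshold, not an AWS limit.
    """
    now = now or datetime.now(timezone.utc)
    horizon = now + timedelta(days=max_days)
    flagged = []
    for sup in iter_audit_suppressions(client):
        reasons = []
        if sup.get("suppressIndefinitely"):
            reasons.append("suppressed indefinitely")
        else:
            expires = sup.get("expirationDate")
            if expires is None:
                reasons.append("no expiration date")
            elif expires > horizon:
                reasons.append(f"expires more than {max_days} days out")
        if not (sup.get("description") or "").strip():
            reasons.append("no description recorded")
        if reasons:
            flagged.append((sup, reasons))
    return flagged


class StubIoTClient:
    """Constructed stand-in for boto3.client('iot') so the example runs offline."""

    def __init__(self, pages):
        self._pages = pages
        self.calls = []

    def list_audit_suppressions(self, **kwargs):
        self.calls.append(dict(kwargs))
        idx = int(kwargs.get("nextToken", 0))
        page = {"suppressions": self._pages[idx]}
        if idx + 1 < len(self._pages):
            page["nextToken"] = str(idx + 1)
        return page


# Constructed sample data: two pages of suppressions and a fixed "now".
SAMPLE_NOW = datetime(2020, 8, 12, tzinfo=timezone.utc)
SAMPLE_PAGES = [
    [
        {"checkName": "EXAMPLE_CHECK_A",
         "resourceIdentifier": {"clientId": "sensor-0001"},
         "suppressIndefinitely": True,
         "description": "legacy fleet, replacement planned"},
        {"checkName": "EXAMPLE_CHECK_B",
         "resourceIdentifier": {"clientId": "sensor-0002"},
         "suppressIndefinitely": False,
         "expirationDate": datetime(2020, 9, 1, tzinfo=timezone.utc),
         "description": "certificate rotation scheduled"},
    ],
    [
        {"checkName": "EXAMPLE_CHECK_C",
         "resourceIdentifier": {"account": "000000000000"},
         "suppressIndefinitely": False,
         "expirationDate": datetime(2021, 8, 12, tzinfo=timezone.utc),
         "description": ""},
    ],
]

if __name__ == "__main__":
    for sup, reasons in review_suppressions(StubIoTClient(SAMPLE_PAGES), now=SAMPLE_NOW):
        print(sup["checkName"], sup["resourceIdentifier"], "; ".join(reasons))
```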
Updates a Device Defender audit suppression.
Request Syntax
client.update_audit_suppression( checkName='string', resourceIdentifier={ 'deviceCertificateId': 'string', 'caCertificateId': 'string', 'cognitoIdentityPoolId': 'string', 'clientId': 'string', 'policyVersionIdentifier': { 'policyName': 'string', 'policyVersionId': 'string' }, 'account': 'string', 'iamRoleArn': 'string', 'roleAliasArn': 'string' }, expirationDate=datetime(2015, 1, 1), suppressIndefinitely=True|False, description='string' )
checkName (string) --
[REQUIRED]
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
resourceIdentifier (dict) --
[REQUIRED]
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
expirationDate (datetime) --
The expiration date (epoch timestamp in seconds) that you want the suppression to adhere to.
suppressIndefinitely (boolean) --
Indicates whether a suppression should exist indefinitely or not.
description (string) --
The description of the audit suppression.
dict
Response Syntax
{}
Response Structure
(dict) --
Deletes a Device Defender audit suppression.
Request Syntax
client.delete_audit_suppression( checkName='string', resourceIdentifier={ 'deviceCertificateId': 'string', 'caCertificateId': 'string', 'cognitoIdentityPoolId': 'string', 'clientId': 'string', 'policyVersionIdentifier': { 'policyName': 'string', 'policyVersionId': 'string' }, 'account': 'string', 'iamRoleArn': 'string', 'roleAliasArn': 'string' } )
checkName (string) --
[REQUIRED]
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
resourceIdentifier (dict) --
[REQUIRED]
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
dict
Response Syntax
{}
Response Structure
(dict) --
Changes (response): {'finding': {'isSuppressed': 'boolean'}}
Gets information about a single audit finding. Properties include the reason for noncompliance, the severity of the issue, and when the audit that returned the finding was started.
Request Syntax
client.describe_audit_finding( findingId='string' )
findingId (string) --
[REQUIRED]
A unique identifier for a single audit finding. You can use this identifier to apply mitigation actions to the finding.
dict
Response Syntax
{ 'finding': { 'findingId': 'string', 'taskId': 'string', 'checkName': 'string', 'taskStartTime': datetime(2015, 1, 1), 'findingTime': datetime(2015, 1, 1), 'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW', 'nonCompliantResource': { 'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE', 'resourceIdentifier': { 'deviceCertificateId': 'string', 'caCertificateId': 'string', 'cognitoIdentityPoolId': 'string', 'clientId': 'string', 'policyVersionIdentifier': { 'policyName': 'string', 'policyVersionId': 'string' }, 'account': 'string', 'iamRoleArn': 'string', 'roleAliasArn': 'string' }, 'additionalInfo': { 'string': 'string' } }, 'relatedResources': [ { 'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE', 'resourceIdentifier': { 'deviceCertificateId': 'string', 'caCertificateId': 'string', 'cognitoIdentityPoolId': 'string', 'clientId': 'string', 'policyVersionIdentifier': { 'policyName': 'string', 'policyVersionId': 'string' }, 'account': 'string', 'iamRoleArn': 'string', 'roleAliasArn': 'string' }, 'additionalInfo': { 'string': 'string' } }, ], 'reasonForNonCompliance': 'string', 'reasonForNonComplianceCode': 'string', 'isSuppressed': True|False } }
Response Structure
(dict) --
finding (dict) --
The findings (results) of the audit.
findingId (string) --
A unique identifier for this set of audit findings. This identifier is used to apply mitigation tasks to one or more sets of findings.
taskId (string) --
The ID of the audit that generated this result (finding).
checkName (string) --
The audit check that generated this result.
taskStartTime (datetime) --
The time the audit started.
findingTime (datetime) --
The time the result (finding) was discovered.
severity (string) --
The severity of the result (finding).
nonCompliantResource (dict) --
The resource that was found to be noncompliant with the audit check.
resourceType (string) --
The type of the noncompliant resource.
resourceIdentifier (dict) --
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
additionalInfo (dict) --
Other information about the noncompliant resource.
(string) --
(string) --
relatedResources (list) --
The list of related resources.
(dict) --
Information about a related resource.
resourceType (string) --
The type of resource.
resourceIdentifier (dict) --
Information that identifies the resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
additionalInfo (dict) --
Other information about the resource.
(string) --
(string) --
reasonForNonCompliance (string) --
The reason the resource was noncompliant.
reasonForNonComplianceCode (string) --
A code that indicates the reason that the resource was noncompliant.
isSuppressed (boolean) --
Indicates whether the audit finding was suppressed or not during reporting.
Changes (response): {'auditDetails': {'suppressedNonCompliantResourcesCount': 'long'}}
Gets information about a Device Defender audit.
Request Syntax
client.describe_audit_task( taskId='string' )
taskId (string) --
[REQUIRED]
The ID of the audit whose information you want to get.
dict
Response Syntax
{ 'taskStatus': 'IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED', 'taskType': 'ON_DEMAND_AUDIT_TASK'|'SCHEDULED_AUDIT_TASK', 'taskStartTime': datetime(2015, 1, 1), 'taskStatistics': { 'totalChecks': 123, 'inProgressChecks': 123, 'waitingForDataCollectionChecks': 123, 'compliantChecks': 123, 'nonCompliantChecks': 123, 'failedChecks': 123, 'canceledChecks': 123 }, 'scheduledAuditName': 'string', 'auditDetails': { 'string': { 'checkRunStatus': 'IN_PROGRESS'|'WAITING_FOR_DATA_COLLECTION'|'CANCELED'|'COMPLETED_COMPLIANT'|'COMPLETED_NON_COMPLIANT'|'FAILED', 'checkCompliant': True|False, 'totalResourcesCount': 123, 'nonCompliantResourcesCount': 123, 'suppressedNonCompliantResourcesCount': 123, 'errorCode': 'string', 'message': 'string' } } }
Response Structure
(dict) --
taskStatus (string) --
The status of the audit: one of "IN_PROGRESS", "COMPLETED", "FAILED", or "CANCELED".
taskType (string) --
The type of audit: "ON_DEMAND_AUDIT_TASK" or "SCHEDULED_AUDIT_TASK".
taskStartTime (datetime) --
The time the audit started.
taskStatistics (dict) --
Statistical information about the audit.
totalChecks (integer) --
The number of checks in this audit.
inProgressChecks (integer) --
The number of checks in progress.
waitingForDataCollectionChecks (integer) --
The number of checks waiting for data collection.
compliantChecks (integer) --
The number of checks that found compliant resources.
nonCompliantChecks (integer) --
The number of checks that found noncompliant resources.
failedChecks (integer) --
The number of checks that failed.
canceledChecks (integer) --
The number of checks that did not run because the audit was canceled.
scheduledAuditName (string) --
The name of the scheduled audit (only if the audit was a scheduled audit).
auditDetails (dict) --
Detailed information about each check performed during this audit.
(string) --
An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)
(dict) --
Information about the audit check.
checkRunStatus (string) --
The completion status of this check. One of "IN_PROGRESS", "WAITING_FOR_DATA_COLLECTION", "CANCELED", "COMPLETED_COMPLIANT", "COMPLETED_NON_COMPLIANT", or "FAILED".
checkCompliant (boolean) --
True if the check is complete and found all resources compliant.
totalResourcesCount (integer) --
The number of resources on which the check was performed.
nonCompliantResourcesCount (integer) --
The number of resources that were found noncompliant during the check.
suppressedNonCompliantResourcesCount (integer) --
Describes how many of the non-compliant resources created during the evaluation of an audit check were marked as suppressed.
errorCode (string) --
The code of any error encountered when this check is performed during this audit. One of "INSUFFICIENT_PERMISSIONS" or "AUDIT_CHECK_DISABLED".
message (string) --
The message associated with any error encountered when this check is performed during this audit.
Changes (request): {'listSuppressedFindings': 'boolean'}
Changes (response): {'findings': {'isSuppressed': 'boolean'}}
Lists the findings (results) of a Device Defender audit or of the audits performed during a specified time period. (Findings are retained for 180 days.)
Request Syntax
client.list_audit_findings( taskId='string', checkName='string', resourceIdentifier={ 'deviceCertificateId': 'string', 'caCertificateId': 'string', 'cognitoIdentityPoolId': 'string', 'clientId': 'string', 'policyVersionIdentifier': { 'policyName': 'string', 'policyVersionId': 'string' }, 'account': 'string', 'iamRoleArn': 'string', 'roleAliasArn': 'string' }, maxResults=123, nextToken='string', startTime=datetime(2015, 1, 1), endTime=datetime(2015, 1, 1), listSuppressedFindings=True|False )
taskId (string) --
A filter to limit results to the audit with the specified ID. You must specify either the taskId or the startTime and endTime, but not both.
checkName (string) --
A filter to limit results to the findings for the specified audit check.
resourceIdentifier (dict) --
Information identifying the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
maxResults (integer) --
The maximum number of results to return at one time. The default is 25.
nextToken (string) --
The token for the next set of results.
startTime (datetime) --
A filter to limit results to those found after the specified time. You must specify either the startTime and endTime or the taskId, but not both.
endTime (datetime) --
A filter to limit results to those found before the specified time. You must specify either the startTime and endTime or the taskId, but not both.
listSuppressedFindings (boolean) --
Boolean flag indicating whether only the suppressed findings or the unsuppressed findings should be listed. If this parameter isn't provided, the response will list both suppressed and unsuppressed findings.
dict
Response Syntax
{ 'findings': [ { 'findingId': 'string', 'taskId': 'string', 'checkName': 'string', 'taskStartTime': datetime(2015, 1, 1), 'findingTime': datetime(2015, 1, 1), 'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW', 'nonCompliantResource': { 'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE', 'resourceIdentifier': { 'deviceCertificateId': 'string', 'caCertificateId': 'string', 'cognitoIdentityPoolId': 'string', 'clientId': 'string', 'policyVersionIdentifier': { 'policyName': 'string', 'policyVersionId': 'string' }, 'account': 'string', 'iamRoleArn': 'string', 'roleAliasArn': 'string' }, 'additionalInfo': { 'string': 'string' } }, 'relatedResources': [ { 'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE', 'resourceIdentifier': { 'deviceCertificateId': 'string', 'caCertificateId': 'string', 'cognitoIdentityPoolId': 'string', 'clientId': 'string', 'policyVersionIdentifier': { 'policyName': 'string', 'policyVersionId': 'string' }, 'account': 'string', 'iamRoleArn': 'string', 'roleAliasArn': 'string' }, 'additionalInfo': { 'string': 'string' } }, ], 'reasonForNonCompliance': 'string', 'reasonForNonComplianceCode': 'string', 'isSuppressed': True|False }, ], 'nextToken': 'string' }
Response Structure
(dict) --
findings (list) --
The findings (results) of the audit.
(dict) --
The findings (results) of the audit.
findingId (string) --
A unique identifier for this set of audit findings. This identifier is used to apply mitigation tasks to one or more sets of findings.
taskId (string) --
The ID of the audit that generated this result (finding).
checkName (string) --
The audit check that generated this result.
taskStartTime (datetime) --
The time the audit started.
findingTime (datetime) --
The time the result (finding) was discovered.
severity (string) --
The severity of the result (finding).
nonCompliantResource (dict) --
The resource that was found to be noncompliant with the audit check.
resourceType (string) --
The type of the noncompliant resource.
resourceIdentifier (dict) --
Information that identifies the noncompliant resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
additionalInfo (dict) --
Other information about the noncompliant resource.
(string) --
(string) --
relatedResources (list) --
The list of related resources.
(dict) --
Information about a related resource.
resourceType (string) --
The type of resource.
resourceIdentifier (dict) --
Information that identifies the resource.
deviceCertificateId (string) --
The ID of the certificate attached to the resource.
caCertificateId (string) --
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId (string) --
The ID of the Amazon Cognito identity pool.
clientId (string) --
The client ID.
policyVersionIdentifier (dict) --
The version of the policy associated with the resource.
policyName (string) --
The name of the policy.
policyVersionId (string) --
The ID of the version of the policy associated with the resource.
account (string) --
The account with which the resource is associated.
iamRoleArn (string) --
The ARN of the IAM role that has overly permissive actions.
roleAliasArn (string) --
The ARN of the role alias that has overly permissive actions.
additionalInfo (dict) --
Other information about the resource.
(string) --
(string) --
reasonForNonCompliance (string) --
The reason the resource was noncompliant.
reasonForNonComplianceCode (string) --
A code that indicates the reason that the resource was noncompliant.
isSuppressed (boolean) --
Indicates whether the audit finding was suppressed or not during reporting.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
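Keeping suppressed findings visible, as an added example that is not part of the AWS documentation: it enforces the taskId versus startTime/endTime rule before calling list_audit_findings with listSuppressedFindings=True, groups the results by severity, and reads the per-check suppressedNonCompliantResourcesCount from describe_audit_task. StubIoTClient, the finding IDs, the task ID and the check names are constructed for illustration; pass boto3.client('iot') in real use.

```python
SEVERITY_ORDER = ("CRITICAL", "HIGH", "MEDIUM", "LOW")


def findings_query(task_id=None, start_time=None, end_time=None, suppressed=None):
    """Build list_audit_findings kwargs: taskId XOR (startTime and endTime)."""
    has_window = start_time is not None or end_time is not None
    if (task_id is not None) == has_window:
        raise ValueError("give exactly one of taskId or startTime/endTime")
    if has_window and (start_time is None or end_time is None):
        raise ValueError("startTime and endTime must be given together")
    if task_id is not None:
        kwargs = {"taskId": task_id}
    else:
        kwargs = {"startTime": start_time, "endTime": end_time}
    if suppressed is not None:  # omit to list suppressed and unsuppressed
        kwargs["listSuppressedFindings"] = suppressed
    return kwargs


def suppressed_by_severity(client, **query):
    """Return {severity: [findingId, ...]} for suppressed findings only."""
    kwargs = findings_query(suppressed=True, **query)
    grouped = {sev: [] for sev in SEVERITY_ORDER}
    while True:
        page = client.list_audit_findings(**kwargs)
        for finding in page.get("findings", []):
            if finding.get("isSuppressed"):  # re-check the response flag
                grouped.setdefault(finding.get("severity"), []).append(
                    finding["findingId"])
        token = page.get("nextToken")
        if not token:
            break
        kwargs["nextToken"] = token
    return {sev: ids for sev, ids in grouped.items() if ids}


def suppressed_counts(client, task_id):
    """Per check with suppressions: (suppressed, nonCompliant) resource counts."""
    details = client.describe_audit_task(taskId=task_id).get("auditDetails", {})
    return {
        name: (d["suppressedNonCompliantResourcesCount"],
               d.get("nonCompliantResourcesCount", 0))
        for name, d in details.items()
        if d.get("suppressedNonCompliantResourcesCount", 0) > 0
    }


class StubIoTClient:
    """Constructed stand-in for boto3.client('iot'); all data is made up."""

    FINDINGS = [
        [{"findingId": "f-1", "severity": "LOW", "isSuppressed": True},
         {"findingId": "f-2", "severity": "CRITICAL", "isSuppressed": True}],
        [{"findingId": "f-3", "severity": "CRITICAL", "isSuppressed": True}],
    ]

    def list_audit_findings(self, **kwargs):
        idx = int(kwargs.get("nextToken", 0))
        page = {"findings": self.FINDINGS[idx]}
        if idx + 1 < len(self.FINDINGS):
            page["nextToken"] = str(idx + 1)
        return page

    def describe_audit_task(self, taskId):
        return {"taskStatus": "COMPLETED", "auditDetails": {
            "EXAMPLE_CHECK_A": {"nonCompliantResourcesCount": 5,
                                "suppressedNonCompliantResourcesCount": 3},
            "EXAMPLE_CHECK_B": {"nonCompliantResourcesCount": 2,
                                "suppressedNonCompliantResourcesCount": 0},
        }}


if __name__ == "__main__":
    stub = StubIoTClient()
    print(suppressed_by_severity(stub, task_id="example-task-id"))
    print(suppressed_counts(stub, "example-task-id"))
```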