awscdkiotalpha

v2.177.0-alpha.0

This package is not in the latest version of its module.

Published: Jan 25, 2025 License: Apache-2.0 Imports: 9 Imported by: 1

README

AWS IoT Construct Library

---

The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.


AWS IoT Core lets you connect billions of IoT devices and route trillions of messages to AWS services without managing infrastructure.

TopicRule

Create a topic rule that gives your devices the ability to interact with AWS services. You can create a topic rule with an action that invokes a Lambda function as follows:

// Import aliases used in these snippets: iot (awscdkiotalpha/v2),
// actions (awscdkiotactionsalpha/v2), lambda (awscdk/v2/awslambda).
// "func" is a Go keyword, so the function is bound to fn.
fn := lambda.NewFunction(this, jsii.String("MyFunction"), &lambda.FunctionProps{
	Runtime: lambda.Runtime_NODEJS_LATEST(),
	Handler: jsii.String("index.handler"),
	Code: lambda.Code_FromInline(jsii.String(`
	    exports.handler = (event) => {
	      console.log("It is test for lambda action of AWS IoT Rule.", event);
	    };`)),
})

iot.NewTopicRule(this, jsii.String("TopicRule"), &iot.TopicRuleProps{
	TopicRuleName: jsii.String("MyTopicRule"), // optional
	Description: jsii.String("invokes the lambda function"), // optional
	Sql: iot.IotSql_FromStringAsVer20160323(jsii.String("SELECT topic(2) as device_id, timestamp() as timestamp FROM 'device/+/data'")),
	// jsii list properties are pointers to slices
	Actions: &[]iot.IAction{
		actions.NewLambdaFunctionAction(fn),
	},
})

Or, you can add an action after constructing the TopicRule instance as follows:

var fn lambda.Function


topicRule := iot.NewTopicRule(this, jsii.String("TopicRule"), &iot.TopicRuleProps{
	Sql: iot.IotSql_FromStringAsVer20160323(jsii.String("SELECT topic(2) as device_id, timestamp() as timestamp FROM 'device/+/data'")),
})
topicRule.AddAction(actions.NewLambdaFunctionAction(fn))

You can also supply an errorAction as follows; the IoT Rule triggers it if one of the rule's actions cannot be performed:

import logs "github.com/aws/aws-cdk-go/awscdk/v2/awslogs"


// The props arguments are optional, so nil is passed for them.
logGroup := logs.NewLogGroup(this, jsii.String("MyLogGroup"), nil)

iot.NewTopicRule(this, jsii.String("TopicRule"), &iot.TopicRuleProps{
	Sql: iot.IotSql_FromStringAsVer20160323(jsii.String("SELECT topic(2) as device_id, timestamp() as timestamp FROM 'device/+/data'")),
	ErrorAction: actions.NewCloudWatchLogsAction(logGroup, nil),
})

To disable the topic rule, add the property enabled: false as follows:

iot.NewTopicRule(this, jsii.String("TopicRule"), &iot.TopicRuleProps{
	Sql: iot.IotSql_FromStringAsVer20160323(jsii.String("SELECT topic(2) as device_id, timestamp() as timestamp FROM 'device/+/data'")),
	Enabled: jsii.Boolean(false),
})

See also @aws-cdk/aws-iot-actions-alpha for other actions.
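
The rule SQL used throughout this section selects from the topic filter 'device/+/data' and exposes topic(2) as device_id. The following is an added example, not code from this package: a standard-library Go model of MQTT level matching and 1-based segment extraction, showing which topics that rule would capture. The function names and sample topics are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// ruleFilter is the topic filter from the README rule's FROM clause.
const ruleFilter = "device/+/data"

// matchTopicFilter reports whether an MQTT topic name matches a topic filter.
// "+" matches exactly one level (including an empty one); "#" matches the
// rest of the topic and is only accepted as the last level of the filter.
func matchTopicFilter(filter, topic string) bool {
	f := strings.Split(filter, "/")
	t := strings.Split(topic, "/")
	for i, level := range f {
		if level == "#" {
			return i == len(f)-1
		}
		if i >= len(t) {
			return false
		}
		if level != "+" && level != t[i] {
			return false
		}
	}
	return len(f) == len(t)
}

// topicSegment models the rule SQL function topic(n): it returns the n-th
// topic level, counting from 1. This stand-in returns "" when n is out of
// range.
func topicSegment(topic string, n int) string {
	parts := strings.Split(topic, "/")
	if n < 1 || n > len(parts) {
		return ""
	}
	return parts[n-1]
}

// selectDeviceID applies the README rule to one topic: it returns the value
// the rule would emit as device_id and whether the topic matched at all.
func selectDeviceID(topic string) (deviceID string, matched bool) {
	if !matchTopicFilter(ruleFilter, topic) {
		return "", false
	}
	return topicSegment(topic, 2), true
}

func main() {
	// Constructed sample topics, not taken from the page.
	for _, topic := range []string{
		"device/sensor-42/data",     // matches, device_id = sensor-42
		"device/sensor-42/data/raw", // one level too many for "+"
		"device/data",               // one level too few
		"device//data",              // matches with an empty device_id
		"fleet/sensor-42/data",      // first level differs
	} {
		id, ok := selectDeviceID(topic)
		fmt.Printf("%-30q matched=%-5t device_id=%q\n", topic, ok, id)
	}
}
```

Because device_id is read from the topic name, it is only as trustworthy as the IoT policy that limits which topics each device may publish to; the empty-level case shows why the consuming action should validate it.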

Logging

AWS IoT provides a logging feature that allows you to monitor and log AWS IoT activity.

You can enable IoT logging with the following code:

iot.NewLogging(this, jsii.String("Logging"), &iot.LoggingProps{
	LogLevel: iot.LogLevel_INFO,
})

Note: All logs are forwarded to the AWSIotLogsV2 log group in CloudWatch.

Audit

An AWS IoT Device Defender audit looks at account- and device-related settings and policies to ensure security measures are in place. An audit can help you detect any drifts from security best practices or access policies.

Account Audit Configuration

The IoT audit includes various audit checks, and it is necessary to configure settings to enable those checks.

You can enable an account audit configuration with the following code:

// Audit notifications are sent to the SNS topic
var targetTopic awssns.ITopic


iot.NewAccountAuditConfiguration(this, jsii.String("AuditConfiguration"), &iot.AccountAuditConfigurationProps{
	TargetTopic: targetTopic,
})

By default, all audit checks are enabled, but it is also possible to enable only specific audit checks.

iot.NewAccountAuditConfiguration(this, jsii.String("AuditConfiguration"), &iot.AccountAuditConfigurationProps{
	CheckConfiguration: &iot.CheckConfiguration{
		// enabled
		AuthenticatedCognitoRoleOverlyPermissiveCheck: jsii.Boolean(true),
		// enabled by default (nil leaves the default in place)
		CaCertificateExpiringCheck: nil,
		// disabled
		CaCertificateKeyQualityCheck: jsii.Boolean(false),
		ConflictingClientIdsCheck: jsii.Boolean(false),
		DeviceCertificateExpiringCheck: jsii.Boolean(false),
		DeviceCertificateKeyQualityCheck: jsii.Boolean(false),
		DeviceCertificateSharedCheck: jsii.Boolean(false),
		IntermediateCaRevokedForActiveDeviceCertificatesCheck: jsii.Boolean(false),
		IoTPolicyPotentialMisConfigurationCheck: jsii.Boolean(false),
		IotPolicyOverlyPermissiveCheck: jsii.Boolean(false),
		IotRoleAliasAllowsAccessToUnusedServicesCheck: jsii.Boolean(false),
		IotRoleAliasOverlyPermissiveCheck: jsii.Boolean(false),
		LoggingDisabledCheck: jsii.Boolean(false),
		RevokedCaCertificateStillActiveCheck: jsii.Boolean(false),
		RevokedDeviceCertificateStillActiveCheck: jsii.Boolean(false),
		UnauthenticatedCognitoRoleOverlyPermissiveCheck: jsii.Boolean(false),
	},
})

Scheduled Audit

You can create a scheduled audit that is run at a specified time interval. Checks must be enabled for your account by creating AccountAuditConfiguration.

var config iot.AccountAuditConfiguration


// Daily audit
dailyAudit := iot.NewScheduledAudit(this, jsii.String("DailyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_DAILY,
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK,
	},
})

// Weekly audit
weeklyAudit := iot.NewScheduledAudit(this, jsii.String("WeeklyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_WEEKLY,
	DayOfWeek: iot.DayOfWeek_SUNDAY,
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_CA_CERTIFICATE_EXPIRING_CHECK,
	},
})

// Monthly audit
monthlyAudit := iot.NewScheduledAudit(this, jsii.String("MonthlyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_MONTHLY,
	DayOfMonth: iot.DayOfMonth_Of(jsii.Number(1)),
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_CA_CERTIFICATE_KEY_QUALITY_CHECK,
	},
})
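
Scheduled audits can only run checks that the account audit configuration has enabled, and an unset check counts as enabled. The following is an added example, not code from this package: a standard-library Go pre-deployment check that resolves the nil-means-default semantics and reports scheduled audits that reference a disabled check. The CheckConfig and ScheduledAudit types are hypothetical stand-ins, and combining the README's restricted check configuration with its three scheduled audits is an assumption made for the sample data.

```go
package main

import (
	"fmt"
	"sort"
)

// AuditCheck is a local stand-in for the library's AuditCheck string type.
// The values are a subset of the constants listed on this page.
type AuditCheck string

const (
	CognitoAuthRole  AuditCheck = "AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK"
	CaCertExpiring   AuditCheck = "CA_CERTIFICATE_EXPIRING_CHECK"
	CaCertKeyQuality AuditCheck = "CA_CERTIFICATE_KEY_QUALITY_CHECK"
	LoggingDisabled  AuditCheck = "LOGGING_DISABLED_CHECK"
)

// CheckConfig is a hypothetical stand-in for CheckConfiguration. A nil or
// missing entry means "not set", which the page documents as enabled.
type CheckConfig map[AuditCheck]*bool

func boolPtr(b bool) *bool { return &b }

// enabled resolves the tri-state *bool: nil or absent means default true.
func (c CheckConfig) enabled(check AuditCheck) bool {
	v := c[check] // a missing key yields nil
	return v == nil || *v
}

// ScheduledAudit is a hypothetical stand-in carrying only a name and checks.
type ScheduledAudit struct {
	Name   string
	Checks []AuditCheck
}

// disabledChecks lists the checks that are explicitly switched off, sorted,
// so a reviewer can see what the account no longer audits.
func disabledChecks(c CheckConfig) []AuditCheck {
	var out []AuditCheck
	for check := range c {
		if !c.enabled(check) {
			out = append(out, check)
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i] < out[j] })
	return out
}

// uncovered maps each audit name to the checks it schedules that the account
// configuration has disabled. Audits with no such checks are omitted.
func uncovered(c CheckConfig, audits []ScheduledAudit) map[string][]AuditCheck {
	out := map[string][]AuditCheck{}
	for _, a := range audits {
		for _, check := range a.Checks {
			if !c.enabled(check) {
				out[a.Name] = append(out[a.Name], check)
			}
		}
	}
	return out
}

// readmeConfig mirrors four entries of the README's restricted configuration.
func readmeConfig() CheckConfig {
	return CheckConfig{
		CognitoAuthRole:  boolPtr(true),  // enabled
		CaCertExpiring:   nil,            // enabled by default
		CaCertKeyQuality: boolPtr(false), // disabled
		LoggingDisabled:  boolPtr(false), // disabled
	}
}

// readmeAudits mirrors the README's daily, weekly and monthly audits.
func readmeAudits() []ScheduledAudit {
	return []ScheduledAudit{
		{Name: "DailyAudit", Checks: []AuditCheck{CognitoAuthRole}},
		{Name: "WeeklyAudit", Checks: []AuditCheck{CaCertExpiring}},
		{Name: "MonthlyAudit", Checks: []AuditCheck{CaCertKeyQuality}},
	}
}

func main() {
	cfg := readmeConfig()
	fmt.Println("explicitly disabled:", disabledChecks(cfg))
	for name, checks := range uncovered(cfg, readmeAudits()) {
		fmt.Printf("%s schedules disabled checks: %v\n", name, checks)
	}
}
```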

Documentation

Overview

The CDK Construct Library for AWS::IoT

Functions

func AccountAuditConfiguration_IsConstruct

func AccountAuditConfiguration_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid `instanceof` and use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func AccountAuditConfiguration_IsOwnedResource

func AccountAuditConfiguration_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func AccountAuditConfiguration_IsResource

func AccountAuditConfiguration_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func Logging_IsConstruct

func Logging_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid `instanceof` and use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func Logging_IsOwnedResource

func Logging_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func Logging_IsResource

func Logging_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func NewAccountAuditConfiguration_Override

func NewAccountAuditConfiguration_Override(a AccountAuditConfiguration, scope constructs.Construct, id *string, props *AccountAuditConfigurationProps)

Experimental.

func NewIotSql_Override

func NewIotSql_Override(i IotSql)

Experimental.

func NewLogging_Override

func NewLogging_Override(l Logging, scope constructs.Construct, id *string, props *LoggingProps)

Experimental.

func NewScheduledAudit_Override

func NewScheduledAudit_Override(s ScheduledAudit, scope constructs.Construct, id *string, props *ScheduledAuditProps)

Experimental.

func NewTopicRule_Override

func NewTopicRule_Override(t TopicRule, scope constructs.Construct, id *string, props *TopicRuleProps)

Experimental.

func ScheduledAudit_IsConstruct

func ScheduledAudit_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid `instanceof` and use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func ScheduledAudit_IsOwnedResource

func ScheduledAudit_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func ScheduledAudit_IsResource

func ScheduledAudit_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func TopicRule_IsConstruct

func TopicRule_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid `instanceof` and use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func TopicRule_IsOwnedResource

func TopicRule_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func TopicRule_IsResource

func TopicRule_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

Types

type AccountAuditConfiguration

type AccountAuditConfiguration interface {
	awscdk.Resource
	IAccountAuditConfiguration
	// The account ID.
	// Experimental.
	AccountId() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	// Experimental.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
}

Defines AWS IoT Audit Configuration.

Example:

// Audit notifications are sent to the SNS topic
var targetTopic awssns.ITopic

iot.NewAccountAuditConfiguration(this, jsii.String("AuditConfiguration"), &iot.AccountAuditConfigurationProps{
	TargetTopic: targetTopic,
})

Experimental.

func NewAccountAuditConfiguration

func NewAccountAuditConfiguration(scope constructs.Construct, id *string, props *AccountAuditConfigurationProps) AccountAuditConfiguration

Experimental.

type AccountAuditConfigurationProps

type AccountAuditConfigurationProps struct {
	// Specifies which audit checks are enabled and disabled for this account.
	// Default: - all checks are enabled.
	//
	// Experimental.
	CheckConfiguration *CheckConfiguration `field:"optional" json:"checkConfiguration" yaml:"checkConfiguration"`
	// The target SNS topic to which audit notifications are sent.
	// Default: - no notifications are sent.
	//
	// Experimental.
	TargetTopic awssns.ITopic `field:"optional" json:"targetTopic" yaml:"targetTopic"`
}

Properties for defining AWS IoT Audit Configuration.

Example:

// Audit notifications are sent to the SNS topic
var targetTopic awssns.ITopic

iot.NewAccountAuditConfiguration(this, jsii.String("AuditConfiguration"), &iot.AccountAuditConfigurationProps{
	TargetTopic: targetTopic,
})

Experimental.

type ActionConfig

type ActionConfig struct {
	// The configuration for this action.
	// Experimental.
	Configuration *awsiot.CfnTopicRule_ActionProperty `field:"required" json:"configuration" yaml:"configuration"`
}

Properties for a topic rule action.

Example:

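// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
// The nested property types below are written without their package qualifier;
// they are the awsiot.CfnTopicRule_* structs (for example awsiot.CfnTopicRule_LambdaActionProperty).
import iot_alpha "github.com/aws/aws-cdk-go/awscdkiotalpha/v2"
import "github.com/aws/aws-cdk-go/awscdk/v2/awsiot"

actionConfig := &iot_alpha.ActionConfig{
	Configuration: &awsiot.CfnTopicRule_ActionProperty{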
		CloudwatchAlarm: &CloudwatchAlarmActionProperty{
			AlarmName: jsii.String("alarmName"),
			RoleArn: jsii.String("roleArn"),
			StateReason: jsii.String("stateReason"),
			StateValue: jsii.String("stateValue"),
		},
		CloudwatchLogs: &CloudwatchLogsActionProperty{
			LogGroupName: jsii.String("logGroupName"),
			RoleArn: jsii.String("roleArn"),

			// the properties below are optional
			BatchMode: jsii.Boolean(false),
		},
		CloudwatchMetric: &CloudwatchMetricActionProperty{
			MetricName: jsii.String("metricName"),
			MetricNamespace: jsii.String("metricNamespace"),
			MetricUnit: jsii.String("metricUnit"),
			MetricValue: jsii.String("metricValue"),
			RoleArn: jsii.String("roleArn"),

			// the properties below are optional
			MetricTimestamp: jsii.String("metricTimestamp"),
		},
		DynamoDb: &DynamoDBActionProperty{
			HashKeyField: jsii.String("hashKeyField"),
			HashKeyValue: jsii.String("hashKeyValue"),
			RoleArn: jsii.String("roleArn"),
			TableName: jsii.String("tableName"),

			// the properties below are optional
			HashKeyType: jsii.String("hashKeyType"),
			PayloadField: jsii.String("payloadField"),
			RangeKeyField: jsii.String("rangeKeyField"),
			RangeKeyType: jsii.String("rangeKeyType"),
			RangeKeyValue: jsii.String("rangeKeyValue"),
		},
		DynamoDBv2: &DynamoDBv2ActionProperty{
			PutItem: &PutItemInputProperty{
				TableName: jsii.String("tableName"),
			},
			RoleArn: jsii.String("roleArn"),
		},
		Elasticsearch: &ElasticsearchActionProperty{
			Endpoint: jsii.String("endpoint"),
			Id: jsii.String("id"),
			Index: jsii.String("index"),
			RoleArn: jsii.String("roleArn"),
			Type: jsii.String("type"),
		},
		Firehose: &FirehoseActionProperty{
			DeliveryStreamName: jsii.String("deliveryStreamName"),
			RoleArn: jsii.String("roleArn"),

			// the properties below are optional
			BatchMode: jsii.Boolean(false),
			Separator: jsii.String("separator"),
		},
		Http: &HttpActionProperty{
			Url: jsii.String("url"),

			// the properties below are optional
			Auth: &HttpAuthorizationProperty{
				Sigv4: &SigV4AuthorizationProperty{
					RoleArn: jsii.String("roleArn"),
					ServiceName: jsii.String("serviceName"),
					SigningRegion: jsii.String("signingRegion"),
				},
			},
			ConfirmationUrl: jsii.String("confirmationUrl"),
			Headers: []interface{}{
				&HttpActionHeaderProperty{
					Key: jsii.String("key"),
					Value: jsii.String("value"),
				},
			},
		},
		IotAnalytics: &IotAnalyticsActionProperty{
			ChannelName: jsii.String("channelName"),
			RoleArn: jsii.String("roleArn"),

			// the properties below are optional
			BatchMode: jsii.Boolean(false),
		},
		IotEvents: &IotEventsActionProperty{
			InputName: jsii.String("inputName"),
			RoleArn: jsii.String("roleArn"),

			// the properties below are optional
			BatchMode: jsii.Boolean(false),
			MessageId: jsii.String("messageId"),
		},
		IotSiteWise: &IotSiteWiseActionProperty{
			PutAssetPropertyValueEntries: []interface{}{
				&PutAssetPropertyValueEntryProperty{
					PropertyValues: []interface{}{
						&AssetPropertyValueProperty{
							Timestamp: &AssetPropertyTimestampProperty{
								TimeInSeconds: jsii.String("timeInSeconds"),

								// the properties below are optional
								OffsetInNanos: jsii.String("offsetInNanos"),
							},
							Value: &AssetPropertyVariantProperty{
								BooleanValue: jsii.String("booleanValue"),
								DoubleValue: jsii.String("doubleValue"),
								IntegerValue: jsii.String("integerValue"),
								StringValue: jsii.String("stringValue"),
							},

							// the properties below are optional
							Quality: jsii.String("quality"),
						},
					},

					// the properties below are optional
					AssetId: jsii.String("assetId"),
					EntryId: jsii.String("entryId"),
					PropertyAlias: jsii.String("propertyAlias"),
					PropertyId: jsii.String("propertyId"),
				},
			},
			RoleArn: jsii.String("roleArn"),
		},
		Kafka: &KafkaActionProperty{
			ClientProperties: map[string]*string{
				"clientPropertiesKey": jsii.String("clientProperties"),
			},
			DestinationArn: jsii.String("destinationArn"),
			Topic: jsii.String("topic"),

			// the properties below are optional
			Headers: []interface{}{
				&KafkaActionHeaderProperty{
					Key: jsii.String("key"),
					Value: jsii.String("value"),
				},
			},
			Key: jsii.String("key"),
			Partition: jsii.String("partition"),
		},
		Kinesis: &KinesisActionProperty{
			RoleArn: jsii.String("roleArn"),
			StreamName: jsii.String("streamName"),

			// the properties below are optional
			PartitionKey: jsii.String("partitionKey"),
		},
		Lambda: &LambdaActionProperty{
			FunctionArn: jsii.String("functionArn"),
		},
		Location: &LocationActionProperty{
			DeviceId: jsii.String("deviceId"),
			Latitude: jsii.String("latitude"),
			Longitude: jsii.String("longitude"),
			RoleArn: jsii.String("roleArn"),
			TrackerName: jsii.String("trackerName"),

			// the properties below are optional
			Timestamp: &TimestampProperty{
				Value: jsii.String("value"),

				// the properties below are optional
				Unit: jsii.String("unit"),
			},
		},
		OpenSearch: &OpenSearchActionProperty{
			Endpoint: jsii.String("endpoint"),
			Id: jsii.String("id"),
			Index: jsii.String("index"),
			RoleArn: jsii.String("roleArn"),
			Type: jsii.String("type"),
		},
		Republish: &RepublishActionProperty{
			RoleArn: jsii.String("roleArn"),
			Topic: jsii.String("topic"),

			// the properties below are optional
			Headers: &RepublishActionHeadersProperty{
				ContentType: jsii.String("contentType"),
				CorrelationData: jsii.String("correlationData"),
				MessageExpiry: jsii.String("messageExpiry"),
				PayloadFormatIndicator: jsii.String("payloadFormatIndicator"),
				ResponseTopic: jsii.String("responseTopic"),
				UserProperties: []interface{}{
					&UserPropertyProperty{
						Key: jsii.String("key"),
						Value: jsii.String("value"),
					},
				},
			},
			Qos: jsii.Number(123),
		},
		S3: &S3ActionProperty{
			BucketName: jsii.String("bucketName"),
			Key: jsii.String("key"),
			RoleArn: jsii.String("roleArn"),

			// the properties below are optional
			CannedAcl: jsii.String("cannedAcl"),
		},
		Sns: &SnsActionProperty{
			RoleArn: jsii.String("roleArn"),
			TargetArn: jsii.String("targetArn"),

			// the properties below are optional
			MessageFormat: jsii.String("messageFormat"),
		},
		Sqs: &SqsActionProperty{
			QueueUrl: jsii.String("queueUrl"),
			RoleArn: jsii.String("roleArn"),

			// the properties below are optional
			UseBase64: jsii.Boolean(false),
		},
		StepFunctions: &StepFunctionsActionProperty{
			RoleArn: jsii.String("roleArn"),
			StateMachineName: jsii.String("stateMachineName"),

			// the properties below are optional
			ExecutionNamePrefix: jsii.String("executionNamePrefix"),
		},
		Timestream: &TimestreamActionProperty{
			DatabaseName: jsii.String("databaseName"),
			Dimensions: []interface{}{
				&TimestreamDimensionProperty{
					Name: jsii.String("name"),
					Value: jsii.String("value"),
				},
			},
			RoleArn: jsii.String("roleArn"),
			TableName: jsii.String("tableName"),

			// the properties below are optional
			Timestamp: &TimestreamTimestampProperty{
				Unit: jsii.String("unit"),
				Value: jsii.String("value"),
			},
		},
	},
}

Experimental.

type AuditCheck

type AuditCheck string

The AWS IoT Device Defender audit checks.

Example:

var config iot.AccountAuditConfiguration

// Daily audit
dailyAudit := iot.NewScheduledAudit(this, jsii.String("DailyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_DAILY,
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK,
	},
})

// Weekly audit
weeklyAudit := iot.NewScheduledAudit(this, jsii.String("WeeklyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_WEEKLY,
	DayOfWeek: iot.DayOfWeek_SUNDAY,
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_CA_CERTIFICATE_EXPIRING_CHECK,
	},
})

// Monthly audit
monthlyAudit := iot.NewScheduledAudit(this, jsii.String("MonthlyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_MONTHLY,
	DayOfMonth: iot.DayOfMonth_Of(jsii.Number(1)),
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_CA_CERTIFICATE_KEY_QUALITY_CHECK,
	},
})

See: https://docs.aws.amazon.com/iot-device-defender/latest/devguide/device-defender-audit-checks.html

Experimental.

const (
	// Checks the permissiveness of an authenticated Amazon Cognito identity pool role.
	//
	// For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker
	// during the 31 days before the audit is performed.
	// Experimental.
	AuditCheck_AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK AuditCheck = "AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK"
	// Checks if a CA certificate is expiring.
	//
	// This check applies to CA certificates expiring within 30 days or that have expired.
	// Experimental.
	AuditCheck_CA_CERTIFICATE_EXPIRING_CHECK AuditCheck = "CA_CERTIFICATE_EXPIRING_CHECK"
	// Checks the quality of the CA certificate key.
	//
	// The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size.
	//
	// This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER.
	// Experimental.
	AuditCheck_CA_CERTIFICATE_KEY_QUALITY_CHECK AuditCheck = "CA_CERTIFICATE_KEY_QUALITY_CHECK"
	// Checks if multiple devices connect using the same client ID.
	// Experimental.
	AuditCheck_CONFLICTING_CLIENT_IDS_CHECK AuditCheck = "CONFLICTING_CLIENT_IDS_CHECK"
	// Checks if a device certificate is expiring.
	//
	// This check applies to device certificates expiring within 30 days or that have expired.
	// Experimental.
	AuditCheck_DEVICE_CERTIFICATE_EXPIRING_CHECK AuditCheck = "DEVICE_CERTIFICATE_EXPIRING_CHECK"
	// Checks the quality of the device certificate key.
	//
	// The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority,
	// and if the key meets a minimum required size.
	// Experimental.
	AuditCheck_DEVICE_CERTIFICATE_KEY_QUALITY_CHECK AuditCheck = "DEVICE_CERTIFICATE_KEY_QUALITY_CHECK"
	// Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT.
	// Experimental.
	AuditCheck_DEVICE_CERTIFICATE_SHARED_CHECK AuditCheck = "DEVICE_CERTIFICATE_SHARED_CHECK"
	// Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
	// Experimental.
	AuditCheck_IOT_POLICY_OVERLY_PERMISSIVE_CHECK AuditCheck = "IOT_POLICY_OVERLY_PERMISSIVE_CHECK"
	// Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
	// Experimental.
	AuditCheck_IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK AuditCheck = "IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK"
	// Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
	// Experimental.
	AuditCheck_IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK AuditCheck = "IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK"
	// Checks if AWS IoT logs are disabled.
	// Experimental.
	AuditCheck_LOGGING_DISABLED_CHECK AuditCheck = "LOGGING_DISABLED_CHECK"
	// Checks if a revoked CA certificate is still active.
	// Experimental.
	AuditCheck_REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK AuditCheck = "REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK"
	// Checks if a revoked device certificate is still active.
	// Experimental.
	AuditCheck_REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK AuditCheck = "REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK"
	// Checks if policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.
	// Experimental.
	AuditCheck_UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK AuditCheck = "UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK"
)

type CheckConfiguration

type CheckConfiguration struct {
	// Checks the permissiveness of an authenticated Amazon Cognito identity pool role.
	//
	// For this check, AWS IoT Device Defender audits all Amazon Cognito identity pools that have been used to connect to the AWS IoT message broker
	// during the 31 days before the audit is performed.
	// Default: true.
	//
	// Experimental.
	AuthenticatedCognitoRoleOverlyPermissiveCheck *bool `field:"optional" json:"authenticatedCognitoRoleOverlyPermissiveCheck" yaml:"authenticatedCognitoRoleOverlyPermissiveCheck"`
	// Checks if a CA certificate is expiring.
	//
	// This check applies to CA certificates expiring within 30 days or that have expired.
	// Default: true.
	//
	// Experimental.
	CaCertificateExpiringCheck *bool `field:"optional" json:"caCertificateExpiringCheck" yaml:"caCertificateExpiringCheck"`
	// Checks the quality of the CA certificate key.
	//
	// The quality checks if the key is in a valid format, not expired, and if the key meets a minimum required size.
	//
	// This check applies to CA certificates that are ACTIVE or PENDING_TRANSFER.
	// Default: true.
	//
	// Experimental.
	CaCertificateKeyQualityCheck *bool `field:"optional" json:"caCertificateKeyQualityCheck" yaml:"caCertificateKeyQualityCheck"`
	// Checks if multiple devices connect using the same client ID.
	// Default: true.
	//
	// Experimental.
	ConflictingClientIdsCheck *bool `field:"optional" json:"conflictingClientIdsCheck" yaml:"conflictingClientIdsCheck"`
	// Checks if a device certificate is expiring.
	//
	// This check applies to device certificates expiring within 30 days or that have expired.
	// Default: true.
	//
	// Experimental.
	DeviceCertificateExpiringCheck *bool `field:"optional" json:"deviceCertificateExpiringCheck" yaml:"deviceCertificateExpiringCheck"`
	// Checks the quality of the device certificate key.
	//
	// The quality checks if the key is in a valid format, not expired, signed by a registered certificate authority,
	// and if the key meets a minimum required size.
	// Default: true.
	//
	// Experimental.
	DeviceCertificateKeyQualityCheck *bool `field:"optional" json:"deviceCertificateKeyQualityCheck" yaml:"deviceCertificateKeyQualityCheck"`
	// Checks if multiple concurrent connections use the same X.509 certificate to authenticate with AWS IoT.
	// Default: true.
	//
	// Experimental.
	DeviceCertificateSharedCheck *bool `field:"optional" json:"deviceCertificateSharedCheck" yaml:"deviceCertificateSharedCheck"`
	// Checks if device certificates are still active despite being revoked by an intermediate CA.
	// Default: true.
	//
	// Experimental.
	IntermediateCaRevokedForActiveDeviceCertificatesCheck *bool `` /* 138-byte string literal not displayed */
	// Checks the permissiveness of a policy attached to an authenticated Amazon Cognito identity pool role.
	// Default: true.
	//
	// Experimental.
	IotPolicyOverlyPermissiveCheck *bool `field:"optional" json:"iotPolicyOverlyPermissiveCheck" yaml:"iotPolicyOverlyPermissiveCheck"`
	// Checks if an AWS IoT policy is potentially misconfigured.
	//
	// Misconfigured policies, including overly permissive policies, can cause security incidents like allowing devices access to unintended resources.
	//
	// This check is a warning for you to make sure that only intended actions are allowed before updating the policy.
	// Default: true.
	//
	// Experimental.
	IoTPolicyPotentialMisConfigurationCheck *bool `field:"optional" json:"ioTPolicyPotentialMisConfigurationCheck" yaml:"ioTPolicyPotentialMisConfigurationCheck"`
	// Checks if a role alias has access to services that haven't been used for the AWS IoT device in the last year.
	// Default: true.
	//
	// Experimental.
	IotRoleAliasAllowsAccessToUnusedServicesCheck *bool `field:"optional" json:"iotRoleAliasAllowsAccessToUnusedServicesCheck" yaml:"iotRoleAliasAllowsAccessToUnusedServicesCheck"`
	// Checks if the temporary credentials provided by AWS IoT role aliases are overly permissive.
	// Default: true.
	//
	// Experimental.
	IotRoleAliasOverlyPermissiveCheck *bool `field:"optional" json:"iotRoleAliasOverlyPermissiveCheck" yaml:"iotRoleAliasOverlyPermissiveCheck"`
	// Checks if AWS IoT logs are disabled.
	// Default: true.
	//
	// Experimental.
	LoggingDisabledCheck *bool `field:"optional" json:"loggingDisabledCheck" yaml:"loggingDisabledCheck"`
	// Checks if a revoked CA certificate is still active.
	// Default: true.
	//
	// Experimental.
	RevokedCaCertificateStillActiveCheck *bool `field:"optional" json:"revokedCaCertificateStillActiveCheck" yaml:"revokedCaCertificateStillActiveCheck"`
	// Checks if a revoked device certificate is still active.
	// Default: true.
	//
	// Experimental.
	RevokedDeviceCertificateStillActiveCheck *bool `field:"optional" json:"revokedDeviceCertificateStillActiveCheck" yaml:"revokedDeviceCertificateStillActiveCheck"`
	// Checks if a policy attached to an unauthenticated Amazon Cognito identity pool role is too permissive.
	// Default: true.
	//
	// Experimental.
	UnauthenticatedCognitoRoleOverlyPermissiveCheck *bool `` /* 126-byte string literal not displayed */
}

The types of audit checks.

Example:

iot.NewAccountAuditConfiguration(this, jsii.String("AuditConfiguration"), &iot.AccountAuditConfigurationProps{
	CheckConfiguration: &iot.CheckConfiguration{
		// enabled
		AuthenticatedCognitoRoleOverlyPermissiveCheck: jsii.Boolean(true),
		// enabled by default (nil leaves the default of true in place)
		CaCertificateExpiringCheck: nil,
		// disabled
		CaCertificateKeyQualityCheck: jsii.Boolean(false),
		ConflictingClientIdsCheck: jsii.Boolean(false),
		DeviceCertificateExpiringCheck: jsii.Boolean(false),
		DeviceCertificateKeyQualityCheck: jsii.Boolean(false),
		DeviceCertificateSharedCheck: jsii.Boolean(false),
		IntermediateCaRevokedForActiveDeviceCertificatesCheck: jsii.Boolean(false),
		IoTPolicyPotentialMisConfigurationCheck: jsii.Boolean(false),
		IotPolicyOverlyPermissiveCheck: jsii.Boolean(false),
		IotRoleAliasAllowsAccessToUnusedServicesCheck: jsii.Boolean(false),
		IotRoleAliasOverlyPermissiveCheck: jsii.Boolean(false),
		LoggingDisabledCheck: jsii.Boolean(false),
		RevokedCaCertificateStillActiveCheck: jsii.Boolean(false),
		RevokedDeviceCertificateStillActiveCheck: jsii.Boolean(false),
		UnauthenticatedCognitoRoleOverlyPermissiveCheck: jsii.Boolean(false),
	},
})

See: https://docs.aws.amazon.com/iot-device-defender/latest/devguide/device-defender-audit-checks.html

Experimental.

type DayOfMonth

type DayOfMonth interface {
	// The day of the month.
	// Experimental.
	Day() *string
}

The day of the month on which the scheduled audit takes place.

Example:

var config iot.AccountAuditConfiguration

// Daily audit
dailyAudit := iot.NewScheduledAudit(this, jsii.String("DailyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_DAILY,
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK,
	},
})

// Weekly audit
weeklyAudit := iot.NewScheduledAudit(this, jsii.String("WeeklyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_WEEKLY,
	DayOfWeek: iot.DayOfWeek_SUNDAY,
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_CA_CERTIFICATE_EXPIRING_CHECK,
	},
})

// Monthly audit
monthlyAudit := iot.NewScheduledAudit(this, jsii.String("MonthlyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_MONTHLY,
	DayOfMonth: iot.DayOfMonth_Of(jsii.Number(1)),
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_CA_CERTIFICATE_KEY_QUALITY_CHECK,
	},
})

Experimental.

func DayOfMonth_LAST_DAY

func DayOfMonth_LAST_DAY() DayOfMonth

func DayOfMonth_Of

func DayOfMonth_Of(day *float64) DayOfMonth

Custom day of the month. Experimental.

type DayOfWeek

type DayOfWeek string

The day of the week on which the scheduled audit takes place.

Example:

var config iot.AccountAuditConfiguration

// Daily audit
dailyAudit := iot.NewScheduledAudit(this, jsii.String("DailyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_DAILY,
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK,
	},
})

// Weekly audit
weeklyAudit := iot.NewScheduledAudit(this, jsii.String("WeeklyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_WEEKLY,
	DayOfWeek: iot.DayOfWeek_SUNDAY,
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_CA_CERTIFICATE_EXPIRING_CHECK,
	},
})

// Monthly audit
monthlyAudit := iot.NewScheduledAudit(this, jsii.String("MonthlyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_MONTHLY,
	DayOfMonth: iot.DayOfMonth_Of(jsii.Number(1)),
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_CA_CERTIFICATE_KEY_QUALITY_CHECK,
	},
})

Experimental.

const (
	// Sunday.
	// Experimental.
	DayOfWeek_SUNDAY DayOfWeek = "SUNDAY"
	// Monday.
	// Experimental.
	DayOfWeek_MONDAY DayOfWeek = "MONDAY"
	// Tuesday.
	// Experimental.
	DayOfWeek_TUESDAY DayOfWeek = "TUESDAY"
	// Wednesday.
	// Experimental.
	DayOfWeek_WEDNESDAY DayOfWeek = "WEDNESDAY"
	// Thursday.
	// Experimental.
	DayOfWeek_THURSDAY DayOfWeek = "THURSDAY"
	// Friday.
	// Experimental.
	DayOfWeek_FRIDAY DayOfWeek = "FRIDAY"
	// Saturday.
	// Experimental.
	DayOfWeek_SATURDAY DayOfWeek = "SATURDAY"
)

type Frequency

type Frequency string

The frequency at which the scheduled audit takes place.

Example:

var config iot.AccountAuditConfiguration

// Daily audit
dailyAudit := iot.NewScheduledAudit(this, jsii.String("DailyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_DAILY,
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK,
	},
})

// Weekly audit
weeklyAudit := iot.NewScheduledAudit(this, jsii.String("WeeklyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_WEEKLY,
	DayOfWeek: iot.DayOfWeek_SUNDAY,
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_CA_CERTIFICATE_EXPIRING_CHECK,
	},
})

// Monthly audit
monthlyAudit := iot.NewScheduledAudit(this, jsii.String("MonthlyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_MONTHLY,
	DayOfMonth: iot.DayOfMonth_Of(jsii.Number(1)),
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_CA_CERTIFICATE_KEY_QUALITY_CHECK,
	},
})

Experimental.

const (
	// Daily.
	// Experimental.
	Frequency_DAILY Frequency = "DAILY"
	// Weekly.
	// Experimental.
	Frequency_WEEKLY Frequency = "WEEKLY"
	// Bi-weekly.
	// Experimental.
	Frequency_BI_WEEKLY Frequency = "BI_WEEKLY"
	// Monthly.
	// Experimental.
	Frequency_MONTHLY Frequency = "MONTHLY"
)

type IAccountAuditConfiguration

type IAccountAuditConfiguration interface {
	awscdk.IResource
	// The account ID.
	// Experimental.
	AccountId() *string
}

Represents AWS IoT Audit Configuration. Experimental.

func AccountAuditConfiguration_FromAccountId

func AccountAuditConfiguration_FromAccountId(scope constructs.Construct, id *string, accountId *string) IAccountAuditConfiguration

Import an existing AWS IoT Audit Configuration. Experimental.

type IAction

type IAction interface {
}

An abstract action for TopicRule. Experimental.

type ILogging

type ILogging interface {
	awscdk.IResource
	// The log ID.
	// Experimental.
	LogId() *string
}

Represents AWS IoT Logging. Experimental.

func Logging_FromLogId

func Logging_FromLogId(scope constructs.Construct, id *string, logId *string) ILogging

Import an existing AWS IoT Logging. Experimental.

type IScheduledAudit

type IScheduledAudit interface {
	awscdk.IResource
	// The ARN of the scheduled audit.
	// Experimental.
	ScheduledAuditArn() *string
	// The scheduled audit name.
	// Experimental.
	ScheduledAuditName() *string
}

Represents AWS IoT Scheduled Audit. Experimental.

func ScheduledAudit_FromScheduledAuditArn

func ScheduledAudit_FromScheduledAuditArn(scope constructs.Construct, id *string, scheduledAuditArn *string) IScheduledAudit

Import an existing AWS IoT Scheduled Audit from its ARN. Experimental.

func ScheduledAudit_FromScheduledAuditAttributes

func ScheduledAudit_FromScheduledAuditAttributes(scope constructs.Construct, id *string, attrs *ScheduledAuditAttributes) IScheduledAudit

Import an existing AWS IoT Scheduled Audit from its attributes. Experimental.

type ITopicRule

type ITopicRule interface {
	awscdk.IResource
	// The value of the topic rule Amazon Resource Name (ARN), such as arn:aws:iot:us-east-2:123456789012:rule/rule_name.
	// Experimental.
	TopicRuleArn() *string
	// The name of the topic rule.
	// Experimental.
	TopicRuleName() *string
}

Represents an AWS IoT Rule. Experimental.

func TopicRule_FromTopicRuleArn

func TopicRule_FromTopicRuleArn(scope constructs.Construct, id *string, topicRuleArn *string) ITopicRule

Import an existing AWS IoT Rule provided an ARN. Experimental.

type IotSql

type IotSql interface {
	// Returns the IoT SQL configuration.
	// Experimental.
	Bind(scope constructs.Construct) *IotSqlConfig
}

Defines AWS IoT SQL.

Example:

import sns "github.com/aws/aws-cdk-go/awscdk/v2/awssns"

// Go has no optional arguments, so the props parameter is passed explicitly as nil.
topic := sns.NewTopic(this, jsii.String("MyTopic"), nil)

topicRule := iot.NewTopicRule(this, jsii.String("TopicRule"), &iot.TopicRuleProps{
	Sql: iot.IotSql_FromStringAsVer20160323(jsii.String("SELECT topic(2) as device_id, year, month, day FROM 'device/+/data'")),
	Actions: &[]iot.IAction{
		actions.NewSnsTopicAction(topic, &actions.SnsTopicActionProps{
			MessageFormat: actions.SnsActionMessageFormat_JSON,
		}),
	},
})

Experimental.

func IotSql_FromStringAsVer20151008

func IotSql_FromStringAsVer20151008(sql *string) IotSql

Uses the original SQL version built on 2015-10-08.

Returns: Instance of IotSql. Experimental.

func IotSql_FromStringAsVer20160323

func IotSql_FromStringAsVer20160323(sql *string) IotSql

Uses the SQL version built on 2016-03-23.

Returns: Instance of IotSql. Experimental.

func IotSql_FromStringAsVerNewestUnstable

func IotSql_FromStringAsVerNewestUnstable(sql *string) IotSql

Uses the most recent beta SQL version.

If you use this version, it might introduce breaking changes to your rules.

Returns: Instance of IotSql. Experimental.

type IotSqlConfig

type IotSqlConfig struct {
	// The version of the SQL rules engine to use when evaluating the rule.
	// Experimental.
	AwsIotSqlVersion *string `field:"required" json:"awsIotSqlVersion" yaml:"awsIotSqlVersion"`
	// The SQL statement used to query the topic.
	// Experimental.
	Sql *string `field:"required" json:"sql" yaml:"sql"`
}

The type returned from the `bind()` method in `IotSql`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import iot_alpha "github.com/aws/aws-cdk-go/awscdkiotalpha/v2"

iotSqlConfig := &iot_alpha.IotSqlConfig{
	AwsIotSqlVersion: jsii.String("awsIotSqlVersion"),
	Sql: jsii.String("sql"),
}

Experimental.

type LogLevel

type LogLevel string

The log level for the AWS IoT Logging.

Example:

iot.NewLogging(this, jsii.String("Logging"), &iot.LoggingProps{
	LogLevel: iot.LogLevel_INFO,
})

Experimental.

const (
	// Any error that causes an operation to fail.
	//
	// Logs include ERROR information only.
	// Experimental.
	LogLevel_ERROR LogLevel = "ERROR"
	// Anything that can potentially cause inconsistencies in the system, but might not cause the operation to fail.
	//
	// Logs include ERROR and WARN information.
	// Experimental.
	LogLevel_WARN LogLevel = "WARN"
	// High-level information about the flow of things.
	//
	// Logs include INFO, ERROR, and WARN information.
	// Experimental.
	LogLevel_INFO LogLevel = "INFO"
	// Information that might be helpful when debugging a problem.
	//
	// Logs include DEBUG, INFO, ERROR, and WARN information.
	// Experimental.
	LogLevel_DEBUG LogLevel = "DEBUG"
	// All logging is disabled.
	// Experimental.
	LogLevel_DISABLED LogLevel = "DISABLED"
)

type Logging

type Logging interface {
	awscdk.Resource
	ILogging
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	// Experimental.
	Env() *awscdk.ResourceEnvironment
	// The logging ID.
	// Experimental.
	LogId() *string
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
}

Defines AWS IoT Logging.

Example:

iot.NewLogging(this, jsii.String("Logging"), &iot.LoggingProps{
	LogLevel: iot.LogLevel_INFO,
})

Experimental.

func NewLogging

func NewLogging(scope constructs.Construct, id *string, props *LoggingProps) Logging

Experimental.

type LoggingProps

type LoggingProps struct {
	// The log level for the AWS IoT Logging.
	// Default: LogLevel.ERROR
	//
	// Experimental.
	LogLevel LogLevel `field:"optional" json:"logLevel" yaml:"logLevel"`
}

Properties for defining AWS IoT Logging.

Example:

iot.NewLogging(this, jsii.String("Logging"), &iot.LoggingProps{
	LogLevel: iot.LogLevel_INFO,
})

Experimental.

type ScheduledAudit

type ScheduledAudit interface {
	awscdk.Resource
	IScheduledAudit
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	// Experimental.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// The ARN of the scheduled audit.
	// Experimental.
	ScheduledAuditArn() *string
	// The scheduled audit name.
	// Experimental.
	ScheduledAuditName() *string
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
}

Defines AWS IoT Scheduled Audit.

Example:

var config iot.AccountAuditConfiguration

// Daily audit
dailyAudit := iot.NewScheduledAudit(this, jsii.String("DailyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_DAILY,
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK,
	},
})

// Weekly audit
weeklyAudit := iot.NewScheduledAudit(this, jsii.String("WeeklyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_WEEKLY,
	DayOfWeek: iot.DayOfWeek_SUNDAY,
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_CA_CERTIFICATE_EXPIRING_CHECK,
	},
})

// Monthly audit
monthlyAudit := iot.NewScheduledAudit(this, jsii.String("MonthlyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_MONTHLY,
	DayOfMonth: iot.DayOfMonth_Of(jsii.Number(1)),
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_CA_CERTIFICATE_KEY_QUALITY_CHECK,
	},
})

Experimental.

func NewScheduledAudit

func NewScheduledAudit(scope constructs.Construct, id *string, props *ScheduledAuditProps) ScheduledAudit

Experimental.

type ScheduledAuditAttributes

type ScheduledAuditAttributes struct {
	// The ARN of the scheduled audit.
	// Experimental.
	ScheduledAuditArn *string `field:"required" json:"scheduledAuditArn" yaml:"scheduledAuditArn"`
	// The scheduled audit name.
	// Experimental.
	ScheduledAuditName *string `field:"required" json:"scheduledAuditName" yaml:"scheduledAuditName"`
}

Construction properties for a Scheduled Audit.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import iot_alpha "github.com/aws/aws-cdk-go/awscdkiotalpha/v2"

scheduledAuditAttributes := &iot_alpha.ScheduledAuditAttributes{
	ScheduledAuditArn: jsii.String("scheduledAuditArn"),
	ScheduledAuditName: jsii.String("scheduledAuditName"),
}

Experimental.

type ScheduledAuditProps

type ScheduledAuditProps struct {
	// Account audit configuration.
	//
	// The audit checks specified in `auditChecks` must be enabled in this configuration.
	// Experimental.
	AccountAuditConfiguration IAccountAuditConfiguration `field:"required" json:"accountAuditConfiguration" yaml:"accountAuditConfiguration"`
	// Which checks are performed during the scheduled audit.
	//
	// Checks must be enabled for your account.
	// Experimental.
	AuditChecks *[]AuditCheck `field:"required" json:"auditChecks" yaml:"auditChecks"`
	// How often the scheduled audit occurs.
	// Experimental.
	Frequency Frequency `field:"required" json:"frequency" yaml:"frequency"`
	// The day of the month on which the scheduled audit is run (if the frequency is "MONTHLY").
	//
	// If days 29-31 are specified, and the month does not have that many days, the audit takes place on the "LAST" day of the month.
	// Default: - required if frequency is "MONTHLY", not allowed otherwise.
	//
	// Experimental.
	DayOfMonth DayOfMonth `field:"optional" json:"dayOfMonth" yaml:"dayOfMonth"`
	// The day of the week on which the scheduled audit is run (if the frequency is "WEEKLY" or "BIWEEKLY").
	// Default: - required if frequency is "WEEKLY" or "BIWEEKLY", not allowed otherwise.
	//
	// Experimental.
	DayOfWeek DayOfWeek `field:"optional" json:"dayOfWeek" yaml:"dayOfWeek"`
	// The name of the scheduled audit.
	// Default: - auto generated name.
	//
	// Experimental.
	ScheduledAuditName *string `field:"optional" json:"scheduledAuditName" yaml:"scheduledAuditName"`
}

Properties for defining AWS IoT Scheduled Audit.

Example:

var config iot.AccountAuditConfiguration

// Daily audit
dailyAudit := iot.NewScheduledAudit(this, jsii.String("DailyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_DAILY,
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK,
	},
})

// Weekly audit
weeklyAudit := iot.NewScheduledAudit(this, jsii.String("WeeklyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_WEEKLY,
	DayOfWeek: iot.DayOfWeek_SUNDAY,
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_CA_CERTIFICATE_EXPIRING_CHECK,
	},
})

// Monthly audit
monthlyAudit := iot.NewScheduledAudit(this, jsii.String("MonthlyAudit"), &iot.ScheduledAuditProps{
	AccountAuditConfiguration: config,
	Frequency: iot.Frequency_MONTHLY,
	DayOfMonth: iot.DayOfMonth_Of(jsii.Number(1)),
	AuditChecks: &[]iot.AuditCheck{
		iot.AuditCheck_CA_CERTIFICATE_KEY_QUALITY_CHECK,
	},
})

Experimental.
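
The constraints documented for CheckConfiguration (an unset check defaults to enabled) and for ScheduledAuditProps (scheduled checks must be enabled in the account audit configuration; dayOfWeek and dayOfMonth depend on the frequency) can be linted before deployment. The following is an added example, not code from awscdkiotalpha: `CheckConfig`, `Schedule`, `Enabled`, `Disabled` and `Validate` are hypothetical stand-ins that mirror the page's names so the block runs without the CDK, and the sample configuration is constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// Local stand-ins for this example only; they mirror names on this page but
// are not the awscdkiotalpha types, so the block runs without the CDK.
type Frequency string

const (
	Daily    Frequency = "DAILY"
	Weekly   Frequency = "WEEKLY"
	BiWeekly Frequency = "BI_WEEKLY"
	Monthly  Frequency = "MONTHLY"
)

// CheckConfig maps a check name to its tri-state setting: a missing or nil
// entry means "use the default", which the page documents as true (enabled).
type CheckConfig map[string]*bool

// Schedule is a hypothetical flattened view of ScheduledAuditProps.
type Schedule struct {
	Frequency   Frequency
	DayOfWeek   string // "" when unset
	DayOfMonth  string // "" when unset
	AuditChecks []string
}

func boolPtr(b bool) *bool { return &b }

// Enabled applies the documented default: only an explicit false disables a check.
func (c CheckConfig) Enabled(check string) bool {
	v, ok := c[check]
	return !ok || v == nil || *v
}

// Disabled lists the checks explicitly switched off, sorted for stable review output.
func (c CheckConfig) Disabled() []string {
	var out []string
	for name, v := range c {
		if v != nil && !*v {
			out = append(out, name)
		}
	}
	sort.Strings(out)
	return out
}

// Validate returns every violation of the constraints documented for ScheduledAuditProps.
func Validate(s Schedule, cfg CheckConfig) []string {
	var errs []string
	for _, chk := range s.AuditChecks {
		if !cfg.Enabled(chk) {
			errs = append(errs, fmt.Sprintf("check %s is disabled in the account audit configuration", chk))
		}
	}
	weekly := s.Frequency == Weekly || s.Frequency == BiWeekly
	switch {
	case weekly && s.DayOfWeek == "":
		errs = append(errs, "dayOfWeek is required for "+string(s.Frequency))
	case !weekly && s.DayOfWeek != "":
		errs = append(errs, "dayOfWeek is not allowed for "+string(s.Frequency))
	}
	switch {
	case s.Frequency == Monthly && s.DayOfMonth == "":
		errs = append(errs, "dayOfMonth is required for MONTHLY")
	case s.Frequency != Monthly && s.DayOfMonth != "":
		errs = append(errs, "dayOfMonth is not allowed for "+string(s.Frequency))
	}
	return errs
}

func main() {
	// Constructed configuration: one check on, one left at its default, one off.
	cfg := CheckConfig{
		"AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK": boolPtr(true),
		"CA_CERTIFICATE_EXPIRING_CHECK":                      nil,
		"CA_CERTIFICATE_KEY_QUALITY_CHECK":                   boolPtr(false),
	}
	fmt.Println("explicitly disabled:", cfg.Disabled())

	// A monthly audit that schedules the check disabled above is reported.
	monthly := Schedule{Frequency: Monthly, DayOfMonth: "1",
		AuditChecks: []string{"CA_CERTIFICATE_KEY_QUALITY_CHECK"}}
	for _, e := range Validate(monthly, cfg) {
		fmt.Println("monthly audit:", e)
	}
}
```

Running `Disabled()` over a configuration in review surfaces checks that were switched off deliberately, as opposed to ones left at the enabled default.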

type TopicRule

type TopicRule interface {
	awscdk.Resource
	ITopicRule
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	// Experimental.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Arn of this topic rule.
	// Experimental.
	TopicRuleArn() *string
	// Name of this topic rule.
	// Experimental.
	TopicRuleName() *string
	// Add an action to the topic rule.
	// Experimental.
	AddAction(action IAction)
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
}

Defines an AWS IoT Rule in this stack.

Example:

import sns "github.com/aws/aws-cdk-go/awscdk/v2/awssns"

// Go has no optional arguments, so the props parameter is passed explicitly as nil.
topic := sns.NewTopic(this, jsii.String("MyTopic"), nil)

topicRule := iot.NewTopicRule(this, jsii.String("TopicRule"), &iot.TopicRuleProps{
	Sql: iot.IotSql_FromStringAsVer20160323(jsii.String("SELECT topic(2) as device_id, year, month, day FROM 'device/+/data'")),
	Actions: &[]iot.IAction{
		actions.NewSnsTopicAction(topic, &actions.SnsTopicActionProps{
			MessageFormat: actions.SnsActionMessageFormat_JSON,
		}),
	},
})

Experimental.

func NewTopicRule

func NewTopicRule(scope constructs.Construct, id *string, props *TopicRuleProps) TopicRule

Experimental.

type TopicRuleProps

type TopicRuleProps struct {
	// A simplified SQL syntax to filter messages received on an MQTT topic and push the data elsewhere.
	// See: https://docs.aws.amazon.com/iot/latest/developerguide/iot-sql-reference.html
	//
	// Experimental.
	Sql IotSql `field:"required" json:"sql" yaml:"sql"`
	// The actions associated with the topic rule.
	// Default: No actions will be performed.
	//
	// Experimental.
	Actions *[]IAction `field:"optional" json:"actions" yaml:"actions"`
	// A textual description of the topic rule.
	// Default: None.
	//
	// Experimental.
	Description *string `field:"optional" json:"description" yaml:"description"`
	// Specifies whether the rule is enabled.
	// Default: true.
	//
	// Experimental.
	Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"`
	// The action AWS IoT performs when it is unable to perform a rule's action.
	// Default: - no action will be performed.
	//
	// Experimental.
	ErrorAction IAction `field:"optional" json:"errorAction" yaml:"errorAction"`
	// The name of the topic rule.
	// Default: None.
	//
	// Experimental.
	TopicRuleName *string `field:"optional" json:"topicRuleName" yaml:"topicRuleName"`
}

Properties for defining an AWS IoT Rule.

Example:

import sns "github.com/aws/aws-cdk-go/awscdk/v2/awssns"

// Go has no optional arguments, so the props parameter is passed explicitly as nil.
topic := sns.NewTopic(this, jsii.String("MyTopic"), nil)

topicRule := iot.NewTopicRule(this, jsii.String("TopicRule"), &iot.TopicRuleProps{
	Sql: iot.IotSql_FromStringAsVer20160323(jsii.String("SELECT topic(2) as device_id, year, month, day FROM 'device/+/data'")),
	Actions: &[]iot.IAction{
		actions.NewSnsTopicAction(topic, &actions.SnsTopicActionProps{
			MessageFormat: actions.SnsActionMessageFormat_JSON,
		}),
	},
})

Experimental.

Directories

Path Synopsis
Package jsii contains the functionality needed for jsii packages to initialize their dependencies and themselves.