feat(iot): device certificate age check audit configuration #33816
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## main #33816 +/- ##
==========================================
+ Coverage 83.98% 84.00% +0.01%
==========================================
Files 120 121 +1
Lines 6976 6984 +8
Branches 1178 1179 +1
==========================================
+ Hits 5859 5867 +8
Misses 1005 1005
Partials 112 112
LGTM.
Just to be sure, I have one question.
| * The duration used to check if a device certificate has been active | ||
| * for a number of days greater than or equal to the number you specify. | ||
| * | ||
| * Valid values are between 30 and 3652 days. |
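Review bot: The last line of this doc comment states the 30 to 3652 day range, but the visible lines give no default for when the duration is omitted and do not say what happens to a value outside that range. Consider adding an @default tag and a sentence such as "An error is thrown at synthesis time for values outside this range", provided the construct enforces it, so users do not discover the limits only at deployment.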
CFn docs say the min is 1 and the max is 64. Just to confirm — this is clearly a mistake in the docs, right?
@mazyu36
Thank you for pointing this out!
At the time of creation, the CloudFormation specification was supposed to be 30-3652 days. It seems the specifications have changed...
I will test what settings are actually possible and make various adjustments accordingly.
The official documentation states that the valid range is 30 to 3652 days, which matches what is shown in the management console.
Therefore, I think the cfn document may be wrong.
I created a new issue in the cloudformation roadmap.
Thanks!
Just a couple of description changes, otherwise LGTM! Thanks @badmintoncryer for the contribution and @mazyu36 for the review!
@Mergifyio update
@Mergifyio update
@Mergifyio update
✅ Branch has been successfully updated
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).
Comments on closed issues and PRs are hard for our team to see.
Issue # (if applicable)
None
Reason for this change
AWS IoT now supports a new audit configuration for the device certificate age check.
https://docs.aws.amazon.com/iot-device-defender/latest/devguide/device-certificate-age-check.html
Description of changes
- deviceCertificateAgeCheck to CheckConfiguration
- deviceCertificateAgeCheckDuration to CheckConfiguration
Describe any new or updated permissions being added
None
Description of how you validated changes
Add both unit and integ tests
Checklist
BREAKING CHANGE: By default, deviceCertificateAgeCheck is automatically enabled.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license