feat(client-iot): AWS IoT - AWS IoT Device Defender adds support for a new Device Defender Audit Check that monitors device certificate age and custom threshold configurations for both the new device certificate age check and existing device certificate expiry check.

Author: awstools

clients/client-iot/src/commands/DescribeAccountAuditConfigurationCommand.ts

@@ -61,6 +61,9 @@ export interface DescribeAccountAuditConfigurationCommandOutput
  * //   auditCheckConfigurations: { // AuditCheckConfigurations
  * //     "<keys>": { // AuditCheckConfiguration
  * //       enabled: true || false,
+ * //       configuration: { // CheckCustomConfiguration
+ * //         "<keys>": "STRING_VALUE",
+ * //       },
  * //     },
  * //   },
  * // };

clients/client-iot/src/commands/ListCustomMetricsCommand.ts

@@ -6,7 +6,8 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 
 import { commonParams } from "../endpoint/EndpointParameters";
 import { IoTClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../IoTClient";
-import { ListCustomMetricsRequest, ListCustomMetricsResponse } from "../models/models_1";
+import { ListCustomMetricsRequest } from "../models/models_1";
+import { ListCustomMetricsResponse } from "../models/models_2";
 import { de_ListCustomMetricsCommand, se_ListCustomMetricsCommand } from "../protocols/Aws_restJson1";
 
 /**

clients/client-iot/src/commands/UpdateAccountAuditConfigurationCommand.ts

@@ -55,6 +55,9 @@ export interface UpdateAccountAuditConfigurationCommandOutput
  *   auditCheckConfigurations: { // AuditCheckConfigurations
  *     "<keys>": { // AuditCheckConfiguration
  *       enabled: true || false,
+ *       configuration: { // CheckCustomConfiguration
+ *         "<keys>": "STRING_VALUE",
+ *       },
  *     },
  *   },
  * };

clients/client-iot/src/models/models_0.ts

@@ -2767,6 +2767,20 @@ export interface AttributePayload {
   merge?: boolean | undefined;
 }
 
+/**
+ * @public
+ * @enum
+ */
+export const ConfigName = {
+  CERT_AGE_THRESHOLD_IN_DAYS: "CERT_AGE_THRESHOLD_IN_DAYS",
+  CERT_EXPIRATION_THRESHOLD_IN_DAYS: "CERT_EXPIRATION_THRESHOLD_IN_DAYS",
+} as const;
+
+/**
+ * @public
+ */
+export type ConfigName = (typeof ConfigName)[keyof typeof ConfigName];
+
 /**
  * <p>Which audit checks are enabled and disabled for this account.</p>
  * @public
@@ -2777,6 +2791,12 @@ export interface AuditCheckConfiguration {
    * @public
    */
   enabled?: boolean | undefined;
+
+  /**
+   * <p>A structure containing the configName and corresponding configValue for configuring audit checks.</p>
+   * @public
+   */
+  configuration?: Partial<Record<ConfigName, string>> | undefined;
 }
 
 /**
@@ -7975,36 +7995,6 @@ export const TopicRuleDestinationStatus = {
  */
 export type TopicRuleDestinationStatus = (typeof TopicRuleDestinationStatus)[keyof typeof TopicRuleDestinationStatus];
 
-/**
- * <p>The properties of a virtual private cloud (VPC) destination.</p>
- * @public
- */
-export interface VpcDestinationProperties {
-  /**
-   * <p>The subnet IDs of the VPC destination.</p>
-   * @public
-   */
-  subnetIds?: string[] | undefined;
-
-  /**
-   * <p>The security groups of the VPC destination.</p>
-   * @public
-   */
-  securityGroups?: string[] | undefined;
-
-  /**
-   * <p>The ID of the VPC.</p>
-   * @public
-   */
-  vpcId?: string | undefined;
-
-  /**
-   * <p>The ARN of a role that has permission to create and attach to elastic network interfaces (ENIs).</p>
-   * @public
-   */
-  roleArn?: string | undefined;
-}
-
 /**
  * @internal
  */

clients/client-iot/src/models/models_1.ts

@@ -78,9 +78,38 @@ import {
   TlsConfig,
   TopicRuleDestinationStatus,
   VerificationState,
-  VpcDestinationProperties,
 } from "./models_0";
 
+/**
+ * <p>The properties of a virtual private cloud (VPC) destination.</p>
+ * @public
+ */
+export interface VpcDestinationProperties {
+  /**
+   * <p>The subnet IDs of the VPC destination.</p>
+   * @public
+   */
+  subnetIds?: string[] | undefined;
+
+  /**
+   * <p>The security groups of the VPC destination.</p>
+   * @public
+   */
+  securityGroups?: string[] | undefined;
+
+  /**
+   * <p>The ID of the VPC.</p>
+   * @public
+   */
+  vpcId?: string | undefined;
+
+  /**
+   * <p>The ARN of a role that has permission to create and attach to elastic network interfaces (ENIs).</p>
+   * @public
+   */
+  roleArn?: string | undefined;
+}
+
 /**
  * <p>A topic rule destination.</p>
  * @public
@@ -7446,28 +7475,6 @@ export interface ListCustomMetricsRequest {
   maxResults?: number | undefined;
 }
 
-/**
- * @public
- */
-export interface ListCustomMetricsResponse {
-  /**
-   * <p>
-   *       The name of the custom metric.
-   *     </p>
-   * @public
-   */
-  metricNames?: string[] | undefined;
-
-  /**
-   * <p>
-   *       A token that can be used to retrieve the next set of results,
-   *       or <code>null</code> if there are no additional results.
-   *     </p>
-   * @public
-   */
-  nextToken?: string | undefined;
-}
-
 /**
  * @internal
  */

clients/client-iot/src/models/models_2.ts

@@ -86,6 +86,28 @@ import {
   ViolationEventOccurrenceRange,
 } from "./models_1";
 
+/**
+ * @public
+ */
+export interface ListCustomMetricsResponse {
+  /**
+   * <p>
+   *       The name of the custom metric.
+   *     </p>
+   * @public
+   */
+  metricNames?: string[] | undefined;
+
+  /**
+   * <p>
+   *       A token that can be used to retrieve the next set of results,
+   *       or <code>null</code> if there are no additional results.
+   *     </p>
+   * @public
+   */
+  nextToken?: string | undefined;
+}
+
 /**
  * @public
  */

clients/client-iot/src/protocols/Aws_restJson1.ts

@@ -820,6 +820,7 @@ import {
   CommandParameter,
   CommandParameterValue,
   CommandPayload,
+  ConfigName,
   ConflictException,
   ConflictingResourceUpdateException,
   CustomCodeSigning,
@@ -13417,6 +13418,8 @@ const se_Behaviors = (input: Behavior[], context: __SerdeContext): any => {
 
 // se_CertificateProviderAccountDefaultForOperations omitted.
 
+// se_CheckCustomConfiguration omitted.
+
 // se_Cidrs omitted.
 
 // se_ClientCertificateConfig omitted.
@@ -14367,6 +14370,8 @@ const de_CertificateValidity = (output: any, context: __SerdeContext): Certifica
   }) as any;
 };
 
+// de_CheckCustomConfiguration omitted.
+
 // de_Cidrs omitted.
 
 // de_ClientCertificateConfig omitted.

codegen/sdk-codegen/aws-models/iot.json

@@ -3346,6 +3346,12 @@
             "smithy.api#default": false,
             "smithy.api#documentation": "<p>True if this audit check is enabled for this account.</p>"
           }
+        },
+        "configuration": {
+          "target": "com.amazonaws.iot#CheckCustomConfiguration",
+          "traits": {
+            "smithy.api#documentation": "<p>A structure containing the configName and corresponding configValue for configuring audit checks.</p>"
+          }
         }
       },
       "traits": {
@@ -5943,6 +5949,15 @@
     "com.amazonaws.iot#CheckCompliant": {
       "type": "boolean"
     },
+    "com.amazonaws.iot#CheckCustomConfiguration": {
+      "type": "map",
+      "key": {
+        "target": "com.amazonaws.iot#ConfigName"
+      },
+      "value": {
+        "target": "com.amazonaws.iot#ConfigValue"
+      }
+    },
     "com.amazonaws.iot#Cidr": {
       "type": "string",
       "traits": {
@@ -6767,6 +6782,32 @@
         }
       }
     },
+    "com.amazonaws.iot#ConfigName": {
+      "type": "enum",
+      "members": {
+        "CERT_AGE_THRESHOLD_IN_DAYS": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "CERT_AGE_THRESHOLD_IN_DAYS"
+          }
+        },
+        "CERT_EXPIRATION_THRESHOLD_IN_DAYS": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "CERT_EXPIRATION_THRESHOLD_IN_DAYS"
+          }
+        }
+      }
+    },
+    "com.amazonaws.iot#ConfigValue": {
+      "type": "string",
+      "traits": {
+        "smithy.api#length": {
+          "min": 1,
+          "max": 64
+        }
+      }
+    },
     "com.amazonaws.iot#Configuration": {
       "type": "structure",
       "members": {