Gets information about a single audit finding. Properties include the reason for noncompliance, the severity of the issue, and the start time when the audit that returned the finding.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
describe-audit-finding
--finding-id <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--finding-id
(string)
A unique identifier for a single audit finding. You can use this identifier to apply mitigation actions to the finding.
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
To list details for an audit finding
The following describe-audit-finding
example lists the details for the specified AWS IoT Device Defender audit finding. An audit can produce multiple findings. Use the list-audit-findings
command to get a list of the findings from an audit to get the findingId
.
aws iot describe-audit-finding \
--finding-id "ef4826b8-e55a-44b9-b460-5c485355371b"
Output:
{
"finding": {
"findingId": "ef4826b8-e55a-44b9-b460-5c485355371b",
"taskId": "873ed69c74a9ec8fa9b8e88e9abc4661",
"checkName": "IOT_POLICY_OVERLY_PERMISSIVE_CHECK",
"taskStartTime": 1576012045.745,
"findingTime": 1576012046.168,
"severity": "CRITICAL",
"nonCompliantResource": {
"resourceType": "IOT_POLICY",
"resourceIdentifier": {
"policyVersionIdentifier": {
"policyName": "smp-ggrass-group_Core-policy",
"policyVersionId": "1"
}
}
},
"reasonForNonCompliance": "Policy allows broad access to IoT data plane actions: [iot:Subscribe, iot:Connect, iot:GetThingShadow, iot:DeleteThingShadow, iot:UpdateThingShadow, iot:Publish].",
"reasonForNonComplianceCode": "ALLOWS_BROAD_ACCESS_TO_IOT_DATA_PLANE_ACTIONS"
}
}
For more information, see Check Audit Results (Audit Commands) in the AWS IoT Developer Guide.
finding -> (structure)
The findings (results) of the audit.
findingId -> (string)
A unique identifier for this set of audit findings. This identifier is used to apply mitigation tasks to one or more sets of findings.
taskId -> (string)
The ID of the audit that generated this result (finding).
checkName -> (string)
The audit check that generated this result.
taskStartTime -> (timestamp)
The time the audit started.
findingTime -> (timestamp)
The time the result (finding) was discovered.
severity -> (string)
The severity of the result (finding).
nonCompliantResource -> (structure)
The resource that was found to be noncompliant with the audit check.
resourceType -> (string)
The type of the noncompliant resource.
resourceIdentifier -> (structure)
Information that identifies the noncompliant resource.
deviceCertificateId -> (string)
The ID of the certificate attached to the resource.
caCertificateId -> (string)
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId -> (string)
The ID of the Amazon Cognito identity pool.
clientId -> (string)
The client ID.
policyVersionIdentifier -> (structure)
The version of the policy associated with the resource.
policyName -> (string)
The name of the policy.
policyVersionId -> (string)
The ID of the version of the policy associated with the resource.
account -> (string)
The account with which the resource is associated.
iamRoleArn -> (string)
The ARN of the IAM role that has overly permissive actions.
roleAliasArn -> (string)
The ARN of the role alias that has overly permissive actions.
additionalInfo -> (map)
Other information about the noncompliant resource.
key -> (string)
value -> (string)
relatedResources -> (list)
The list of related resources.
(structure)
Information about a related resource.
resourceType -> (string)
The type of resource.
resourceIdentifier -> (structure)
Information that identifies the resource.
deviceCertificateId -> (string)
The ID of the certificate attached to the resource.
caCertificateId -> (string)
The ID of the CA certificate used to authorize the certificate.
cognitoIdentityPoolId -> (string)
The ID of the Amazon Cognito identity pool.
clientId -> (string)
The client ID.
policyVersionIdentifier -> (structure)
The version of the policy associated with the resource.
policyName -> (string)
The name of the policy.
policyVersionId -> (string)
The ID of the version of the policy associated with the resource.
account -> (string)
The account with which the resource is associated.
iamRoleArn -> (string)
The ARN of the IAM role that has overly permissive actions.
roleAliasArn -> (string)
The ARN of the role alias that has overly permissive actions.
additionalInfo -> (map)
Other information about the resource.
key -> (string)
value -> (string)
reasonForNonCompliance -> (string)
The reason the resource was noncompliant.
reasonForNonComplianceCode -> (string)
A code that indicates the reason that the resource was noncompliant.
isSuppressed -> (boolean)
Indicates whether the audit finding was suppressed or not during reporting.