[ aws . iot ]

describe-audit-finding

Description

Gets information about a single audit finding. Properties include the reason for noncompliance, the severity of the issue, and the start time when the audit that returned the finding.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  describe-audit-finding
--finding-id <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--finding-id (string)

A unique identifier for a single audit finding. You can use this identifier to apply mitigation actions to the finding.

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Examples

To list details for an audit finding

The following describe-audit-finding example lists the details for the specified AWS IoT Device Defender audit finding. An audit can produce multiple findings. Use the list-audit-findings command to get a list of the findings from an audit to get the findingId.

aws iot describe-audit-finding \
    --finding-id "ef4826b8-e55a-44b9-b460-5c485355371b"

Output:

{
    "finding": {
        "findingId": "ef4826b8-e55a-44b9-b460-5c485355371b",
        "taskId": "873ed69c74a9ec8fa9b8e88e9abc4661",
        "checkName": "IOT_POLICY_OVERLY_PERMISSIVE_CHECK",
        "taskStartTime": 1576012045.745,
        "findingTime": 1576012046.168,
        "severity": "CRITICAL",
        "nonCompliantResource": {
            "resourceType": "IOT_POLICY",
            "resourceIdentifier": {
                "policyVersionIdentifier": {
                    "policyName": "smp-ggrass-group_Core-policy",
                    "policyVersionId": "1"
                }
            }
         },
        "reasonForNonCompliance": "Policy allows broad access to IoT data plane actions: [iot:Subscribe, iot:Connect, iot:GetThingShadow, iot:DeleteThingShadow, iot:UpdateThingShadow, iot:Publish].",
        "reasonForNonComplianceCode": "ALLOWS_BROAD_ACCESS_TO_IOT_DATA_PLANE_ACTIONS"
    }
}

For more information, see Check Audit Results (Audit Commands) in the AWS IoT Developer Guide.

Output

finding -> (structure)

The findings (results) of the audit.

findingId -> (string)

A unique identifier for this set of audit findings. This identifier is used to apply mitigation tasks to one or more sets of findings.

taskId -> (string)

The ID of the audit that generated this result (finding).

checkName -> (string)

The audit check that generated this result.

taskStartTime -> (timestamp)

The time the audit started.

findingTime -> (timestamp)

The time the result (finding) was discovered.

severity -> (string)

The severity of the result (finding).

nonCompliantResource -> (structure)

The resource that was found to be noncompliant with the audit check.

resourceType -> (string)

The type of the noncompliant resource.

resourceIdentifier -> (structure)

Information that identifies the noncompliant resource.

deviceCertificateId -> (string)

The ID of the certificate attached to the resource.

caCertificateId -> (string)

The ID of the CA certificate used to authorize the certificate.

cognitoIdentityPoolId -> (string)

The ID of the Amazon Cognito identity pool.

clientId -> (string)

The client ID.

policyVersionIdentifier -> (structure)

The version of the policy associated with the resource.

policyName -> (string)

The name of the policy.

policyVersionId -> (string)

The ID of the version of the policy associated with the resource.

account -> (string)

The account with which the resource is associated.

iamRoleArn -> (string)

The ARN of the IAM role that has overly permissive actions.

roleAliasArn -> (string)

The ARN of the role alias that has overly permissive actions.

additionalInfo -> (map)

Other information about the noncompliant resource.

key -> (string)

value -> (string)

relatedResources -> (list)

The list of related resources.

(structure)

Information about a related resource.

resourceType -> (string)

The type of resource.

resourceIdentifier -> (structure)

Information that identifies the resource.

deviceCertificateId -> (string)

The ID of the certificate attached to the resource.

caCertificateId -> (string)

The ID of the CA certificate used to authorize the certificate.

cognitoIdentityPoolId -> (string)

The ID of the Amazon Cognito identity pool.

clientId -> (string)

The client ID.

policyVersionIdentifier -> (structure)

The version of the policy associated with the resource.

policyName -> (string)

The name of the policy.

policyVersionId -> (string)

The ID of the version of the policy associated with the resource.

account -> (string)

The account with which the resource is associated.

iamRoleArn -> (string)

The ARN of the IAM role that has overly permissive actions.

roleAliasArn -> (string)

The ARN of the role alias that has overly permissive actions.

additionalInfo -> (map)

Other information about the resource.

key -> (string)

value -> (string)

reasonForNonCompliance -> (string)

The reason the resource was noncompliant.

reasonForNonComplianceCode -> (string)

A code that indicates the reason that the resource was noncompliant.

isSuppressed -> (boolean)

Indicates whether the audit finding was suppressed or not during reporting.