feat(iot): scheduled audit #31776

Merged
merged 11 commits into from
Oct 21, 2024

@badmintoncryer badmintoncryer commented Oct 16, 2024

Issue # (if applicable)

Closes #31779.

Reason for this change

CloudFormation supports creating an AWS IoT scheduled audit, but AWS CDK does not.

Description of changes

  • Define ScheduledAudit construct

CloudFormation does not support two audit checks. Therefore, I have not implemented these checks in the AuditCheck enum.

  • INTERMEDIATE_CA_REVOKED_FOR_ACTIVE_DEVICE_CERTIFICATES_CHECK
  • IOT_POLICY_POTENTIAL_MIS_CONFIGURATION_CHECK

If we try to deploy these checks, the deployment will fail.

Resource handler returned message: "Request contains an invalid Audit Check Name. (Service: Iot, Status Code: 400, Request ID: 3fb58c68-2845-4cc0-882c-7d9b5495ff2a)" (RequestToken: dcb09acd-609f-dfe5-7b63-6eb208052949, HandlerErrorCode: InvalidRequest)

Description of how you validated changes

Added both unit and integ tests.

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added the p2 label Oct 16, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team October 16, 2024 11:20
@github-actions github-actions bot added the distinguished-contributor [Pilot] contributed 50+ PRs to the CDK label Oct 16, 2024

@aws-cdk-automation aws-cdk-automation left a comment

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

@badmintoncryer badmintoncryer changed the title Scheduled audit feat(iot): scheduled audit Oct 16, 2024
@badmintoncryer badmintoncryer marked this pull request as ready for review October 16, 2024 12:32
@aws-cdk-automation aws-cdk-automation dismissed their stale review October 16, 2024 12:34

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

@github-actions github-actions bot added the feature-request A feature should be added or improved. label Oct 16, 2024
@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Oct 16, 2024

@GavinZZ GavinZZ left a comment

Left some minor feedback

Comment on lines 176 to 179
// Add a dependency because a `ScheduledAudit` needs to be created after the `AccountAuditConfiguration` is set up.
dailyAudit.node.addDependency(config);
weeklyAudit.node.addDependency(config);
monthlyAudit.node.addDependency(config);
Contributor

Should we make config a required property of ScheduledAudit, since it seems that we always need to set it as a dependency?

Contributor Author

That sounds great! I've updated my code.

@aws-cdk-automation aws-cdk-automation removed the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Oct 18, 2024
@mergify mergify bot dismissed GavinZZ’s stale review October 18, 2024 22:33

Pull request has been modified.

@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Oct 19, 2024

mergify bot commented Oct 21, 2024

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation aws-cdk-automation removed the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Oct 21, 2024
@aws-cdk-automation

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: f48523c
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

@mergify mergify bot merged commit 366b492 into aws:main Oct 21, 2024
12 checks passed

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 21, 2024
@badmintoncryer badmintoncryer deleted the scheduledAudit branch October 21, 2024 22:07
Successfully merging this pull request may close these issues.

iot: support for scheduled audit configuration