AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-04-11 · Documentation low

File: AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.md

Summary

Fixed typo in 'available audit checks' and reformatted JSON/YAML examples for improved readability

Security assessment

Changes are typo corrections and code formatting improvements. The audit checks described are existing security features, but no new security documentation was added.

Diff

diff --git a/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.md b/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.md
index 42bac9634..3781b72e7 100644
--- a//AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.md
+++ b//AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.md
@@ -68 +68 @@ You can't disable a check if it's used by any scheduled audit. You must delete t
-For more information on avialbe auidt checks see [AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html)
+For more information on available audit checks see [AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html)
@@ -115,22 +115,72 @@ When you pass the logical ID of this resource to the intrinsic `Ref` function, `
-     { "AWSTemplateFormatVersion": "2010-09-09", "Description": "Amazon
-                Web Services IoT AccountAuditConfiguration Sample Template", "Resources": {
-                "MyAccountAuditConfiguration": { "Type": "AWS::IoT::AccountAuditConfiguration",
-                "Properties": { "AccountId": "${AWS::AccountId}", "AuditCheckConfigurations": {
-                "AuthenticatedCognitoRoleOverlyPermissiveCheck": { "Enabled": true },
-                "CaCertificateExpiringCheck": { "Enabled": true }, "CaCertificateKeyQualityCheck": {
-                "Enabled": true }, "ConflictingClientIdsCheck": { "Enabled": true },
-                "DeviceCertificateAgeCheck": { "Enabled": true, "Configuration": {
-                "CertAgeThresholdInDays": 60 } },
-                "DeviceCertificateExpiringCheck": { "Enabled": true, "Configuration": {
-                "CertExpirationThresholdInDays": 30 } },
-                "DeviceCertificateKeyQualityCheck": { "Enabled": true }, "DeviceCertificateSharedCheck":
-                { "Enabled": true }, "IotPolicyOverlyPermissiveCheck": { "Enabled": true },
-                "IotRoleAliasAllowsAccessToUnusedServicesCheck": { "Enabled": true },
-                "IotRoleAliasOverlyPermissiveCheck": { "Enabled": true }, "LoggingDisabledCheck": {
-                "Enabled": true }, "RevokedCaCertificateStillActiveCheck": { "Enabled": true },
-                "RevokedDeviceCertificateStillActiveCheck": { "Enabled": true },
-                "UnauthenticatedCognitoRoleOverlyPermissiveCheck": { "Enabled": true } },
-                "AuditNotificationTargetConfigurations": { "Sns": { "TargetArn":
-                "arn:aws:sns:us-east-1:123456789012:AuditNotifications", "RoleArn":
-                "arn:aws:iam::123456789012:role/RoleForIoTAuditNotifications", "Enabled": true } },
-                "RoleArn": "arn:aws:iam::123456789012:role/service-role/AWSIoTDeviceDefenderAudit" } } }
+    {
+      "AWSTemplateFormatVersion": "2010-09-09",
+      "Description": "Amazon Web Services IoT AccountAuditConfiguration Sample Template",
+      "Resources": {
+        "MyAccountAuditConfiguration": {
+          "Type": "AWS::IoT::AccountAuditConfiguration",
+          "Properties": {
+            "AccountId": "${AWS::AccountId}",
+            "AuditCheckConfigurations": {
+              "AuthenticatedCognitoRoleOverlyPermissiveCheck": {
+                "Enabled": true
+              },
+              "CaCertificateExpiringCheck": {
+                "Enabled": true
+              },
+              "CaCertificateKeyQualityCheck": {
+                "Enabled": true
+              },
+              "ConflictingClientIdsCheck": {
+                "Enabled": true
+              },
+              "DeviceCertificateAgeCheck": {
+                "Enabled": true,
+                "Configuration": {
+                  "CertAgeThresholdInDays": 60
+                }
+              },
+              "DeviceCertificateExpiringCheck": {
+                "Enabled": true,
+                "Configuration": {
+                  "CertExpirationThresholdInDays": 30
+                }
+              },
+              "DeviceCertificateKeyQualityCheck": {
+                "Enabled": true
+              },
+              "DeviceCertificateSharedCheck": {
+                "Enabled": true
+              },
+              "IotPolicyOverlyPermissiveCheck": {
+                "Enabled": true
+              },
+              "IotRoleAliasAllowsAccessToUnusedServicesCheck": {
+                "Enabled": true
+              },
+              "IotRoleAliasOverlyPermissiveCheck": {
+                "Enabled": true
+              },
+              "LoggingDisabledCheck": {
+                "Enabled": true
+              },
+              "RevokedCaCertificateStillActiveCheck": {
+                "Enabled": true
+              },
+              "RevokedDeviceCertificateStillActiveCheck": {
+                "Enabled": true
+              },
+              "UnauthenticatedCognitoRoleOverlyPermissiveCheck": {
+                "Enabled": true
+              }
+            },
+            "AuditNotificationTargetConfigurations": {
+              "Sns": {
+                "TargetArn": "arn:aws:sns:us-east-1:123456789012:AuditNotifications",
+                "RoleArn": "arn:aws:iam::123456789012:role/RoleForIoTAuditNotifications",
+                "Enabled": true
+              }
+            },
+            "RoleArn": "arn:aws:iam::123456789012:role/service-role/AWSIoTDeviceDefenderAudit"
+          }
+        }
+      }
@@ -142,19 +192,48 @@ When you pass the logical ID of this resource to the intrinsic `Ref` function, `
-    AWSTemplateFormatVersion: '2010-09-09' Description: Amazon Web
-                Services IoT AccountAuditConfiguration Sample Template Resources:
-                MyAccountAuditConfiguration: Type: 'AWS::IoT::AccountAuditConfiguration' Properties:
-                AccountId: !Sub '${AWS::AccountId}' AuditCheckConfigurations:
-                AuthenticatedCognitoRoleOverlyPermissiveCheck: Enabled: true CaCertificateExpiringCheck:
-                Enabled: true CaCertificateKeyQualityCheck: Enabled: true ConflictingClientIdsCheck:
-                Enabled: true DeviceCertificateAgeCheck: Enabled: true Configuration:
-                CertAgeThresholdInDays: 60 DeviceCertificateExpiringCheck: Enabled: true Configuration:
-                CertExpirationThresholdInDays: 30 DeviceCertificateKeyQualityCheck: Enabled: true
-                DeviceCertificateSharedCheck: Enabled: true IotPolicyOverlyPermissiveCheck: Enabled: true
-                IotRoleAliasAllowsAccessToUnusedServicesCheck: Enabled: true
-                IotRoleAliasOverlyPermissiveCheck: Enabled: true LoggingDisabledCheck: Enabled: true
-                RevokedCaCertificateStillActiveCheck: Enabled: true
-                RevokedDeviceCertificateStillActiveCheck: Enabled: true
-                UnauthenticatedCognitoRoleOverlyPermissiveCheck: Enabled: true
-                AuditNotificationTargetConfigurations: Sns: TargetArn:
-                'arn:aws:sns:us-east-1:123456789012:AuditNotifications' RoleArn:
-                'arn:aws:iam::123456789012:role/RoleForIoTAuditNotifications' Enabled: true RoleArn:
-                'arn:aws:iam::123456789012:role/service-role/AWSIoTDeviceDefenderAudit'
+    AWSTemplateFormatVersion: '2010-09-09'
+    Description: Amazon Web Services IoT AccountAuditConfiguration Sample Template
+    Resources:
+      MyAccountAuditConfiguration:
+        Type: 'AWS::IoT::AccountAuditConfiguration'
+        Properties:
+          AccountId: !Sub '${AWS::AccountId}'
+          AuditCheckConfigurations:
+            AuthenticatedCognitoRoleOverlyPermissiveCheck:
+              Enabled: true
+            CaCertificateExpiringCheck:
+              Enabled: true
+            CaCertificateKeyQualityCheck:
+              Enabled: true
+            ConflictingClientIdsCheck:
+              Enabled: true
+            DeviceCertificateAgeCheck:
+              Enabled: true
+              Configuration:
+                CertAgeThresholdInDays: 60
+            DeviceCertificateExpiringCheck:
+              Enabled: true
+              Configuration:
+                CertExpirationThresholdInDays: 30
+            DeviceCertificateKeyQualityCheck:
+              Enabled: true
+            DeviceCertificateSharedCheck:
+              Enabled: true
+            IotPolicyOverlyPermissiveCheck:
+              Enabled: true
+            IotRoleAliasAllowsAccessToUnusedServicesCheck:
+              Enabled: true
+            IotRoleAliasOverlyPermissiveCheck:
+              Enabled: true
+            LoggingDisabledCheck:
+              Enabled: true
+            RevokedCaCertificateStillActiveCheck:
+              Enabled: true
+            RevokedDeviceCertificateStillActiveCheck:
+              Enabled: true
+            UnauthenticatedCognitoRoleOverlyPermissiveCheck:
+              Enabled: true
+          AuditNotificationTargetConfigurations:
+            Sns:
+              TargetArn: 'arn:aws:sns:us-east-1:123456789012:AuditNotifications'
+              RoleArn: 'arn:aws:iam::123456789012:role/RoleForIoTAuditNotifications'
+              Enabled: true
+          RoleArn: 'arn:aws:iam::123456789012:role/service-role/AWSIoTDeviceDefenderAudit'