aws-cloudformation · anton-aws · Dec 19, 2020 · Nov 4, 2020 · Dec 1, 2020 · Dec 2, 2020
diff --git a/aws-iot-mitigationaction/.gitignore b/aws-iot-mitigationaction/.gitignore
@@ -0,0 +1,23 @@
+# macOS
+.DS_Store
+._*
+
+# Maven outputs
+.classpath
+
+# IntelliJ
+*.iml
+.idea
+out.java
+out/
+.settings
+.project
+
+# auto-generated files
+target/
+
+# our logs
+rpdk.log
+
+# contains credentials
+sam-tests/
diff --git a/aws-iot-mitigationaction/.rpdk-config b/aws-iot-mitigationaction/.rpdk-config
@@ -0,0 +1,17 @@
+{
+    "typeName": "AWS::IoT::MitigationAction",
+    "language": "java",
+    "runtime": "java8",
+    "entrypoint": "com.amazonaws.iot.mitigationaction.HandlerWrapper::handleRequest",
+    "testEntrypoint": "com.amazonaws.iot.mitigationaction.HandlerWrapper::testEntrypoint",
+    "settings": {
+        "namespace": [
+            "com",
+            "amazonaws",
+            "iot",
+            "mitigationaction"
+        ],
+        "codegen_template_path": "guided_aws",
+        "protocolVersion": "2.0.0"
+    }
+}
diff --git a/aws-iot-mitigationaction/README.md b/aws-iot-mitigationaction/README.md
@@ -0,0 +1,23 @@
+# AWS::IoT::MitigationAction
+
+## Running Contract Tests
+
+You can execute the following commands to run the tests.
+You will need to have docker installed and running.
+
+```bash
+# Create a CloudFormation stack with contract test dependencies (an IAM Role)
+aws cloudformation deploy  \
+--stack-name cfn-contract-test-dependencies-mitigation-action \
+--template-file packaging_additional_published_artifacts/contract_test_dependencies.yml \
+--capabilities CAPABILITY_IAM \
+--region us-east-1
+# Package the code with Maven
+mvn package
+# Start SAM which will execute lambdas in Docker
+sam local start-lambda
+# In a separate terminal, run the contract tests
+cfn test --enforce-timeout 240
+# Execute a single test
+cfn test --enforce-timeout 240 -- -k <testname>
+```
diff --git a/aws-iot-mitigationaction/aws-iot-mitigationaction.json b/aws-iot-mitigationaction/aws-iot-mitigationaction.json
@@ -0,0 +1,253 @@
+{
+  "typeName": "AWS::IoT::MitigationAction",
+  "description": "Mitigation actions can be used to take actions to mitigate issues that were found during an audit.",
+  "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-iot.git",
+  "definitions": {
+    "Tag": {
+      "description": "A key-value pair to associate with a resource.",
+      "type": "object",
+      "properties": {
+        "Key": {
+          "type": "string",
+          "description": "The tag's key.",
+          "minLength": 1,
+          "maxLength": 128
+        },
+        "Value": {
+          "type": "string",
+          "description": "The tag's value.",
+          "minLength": 1,
+          "maxLength": 256
+        }
+      },
+      "required": [
+        "Value",
+        "Key"
+      ],
+      "additionalProperties": false
+    },
+    "ActionParams": {
+      "type": "object",
+      "description": "The set of parameters for this mitigation action. You can specify only one type of parameter (in other words, you can apply only one action for each defined mitigation action).",
+      "properties": {
+        "AddThingsToThingGroupParams": {
+          "$ref": "#/definitions/AddThingsToThingGroupParams"
+        },
+        "EnableIoTLoggingParams": {
+          "$ref": "#/definitions/EnableIoTLoggingParams"
+        },
+        "PublishFindingToSnsParams": {
+          "$ref": "#/definitions/PublishFindingToSnsParams"
+        },
+        "ReplaceDefaultPolicyVersionParams": {
+          "$ref": "#/definitions/ReplaceDefaultPolicyVersionParams"
+        },
+        "UpdateCACertificateParams": {
+          "$ref": "#/definitions/UpdateCACertificateParams"
+        },
+        "UpdateDeviceCertificateParams": {
+          "$ref": "#/definitions/UpdateDeviceCertificateParams"
+        }
+      },
+      "additionalProperties": false
+    },
+    "AddThingsToThingGroupParams": {
+      "description": "Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.",
+      "type": "object",
+      "properties": {
+        "OverrideDynamicGroups": {
+          "type": "boolean",
+          "description": "Specifies if this mitigation action can move the things that triggered the mitigation action out of one or more dynamic thing groups."
+        },
+        "ThingGroupNames": {
+          "description": "The list of groups to which you want to add the things that triggered the mitigation action.",
+          "type": "array",
+          "uniqueItems": true,
+          "items": {
+            "type": "string",
+            "minLength": 1,
+            "maxLength": 128
+          },
+          "minItems": 1,
+          "maxItems": 10,
+          "insertionOrder": false
+        }
+      },
+      "required": [
+        "ThingGroupNames"
+      ],
+      "additionalProperties": false
+    },
+    "EnableIoTLoggingParams": {
+      "description": "Parameters to define a mitigation action that enables AWS IoT logging at a specified level of detail.",
+      "type": "object",
+      "properties": {
+        "LogLevel": {
+          "type": "string",
+          "enum": [
+            "DEBUG",
+            "INFO",
+            "ERROR",
+            "WARN"
+          ],
+          "description": " Specifies which types of information are logged."
+        },
+        "RoleArnForLogging": {
+          "description": " The ARN of the IAM role used for logging.",
+          "type": "string",
+          "minLength": 20,
+          "maxLength": 2048
+        }
+      },
+      "required": [
+        "LogLevel",
+        "RoleArnForLogging"
+      ],
+      "additionalProperties": false
+    },
+    "PublishFindingToSnsParams": {
+      "type": "object",
+      "description": "Parameters, to define a mitigation action that publishes findings to Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.",
+      "properties": {
+        "TopicArn": {
+          "type": "string",
+          "description": "The ARN of the topic to which you want to publish the findings.",
+          "minLength": 20,
+          "maxLength": 2048
+        }
+      },
+      "required": [
+        "TopicArn"
+      ],
+      "additionalProperties": false
+    },
+    "ReplaceDefaultPolicyVersionParams": {
+      "type": "object",
+      "description": "Parameters to define a mitigation action that adds a blank policy to restrict permissions.",
+      "properties": {
+        "TemplateName": {
+          "type": "string",
+          "enum": [
+            "BLANK_POLICY"
+          ]
+        }
+      },
+      "required": [
+        "TemplateName"
+      ],
+      "additionalProperties": false
+    },
+    "UpdateCACertificateParams": {
+      "type": "object",
+      "description": "Parameters to define a mitigation action that changes the state of the CA certificate to inactive.s",
+      "properties": {
+        "Action": {
+          "type": "string",
+          "enum": [
+            "DEACTIVATE"
+          ]
+        }
+      },
+      "required": [
+        "Action"
+      ],
+      "additionalProperties": false
+    },
+    "UpdateDeviceCertificateParams": {
+      "type": "object",
+      "description": "Parameters to define a mitigation action that changes the state of the device certificate to inactive.",
+      "properties": {
+        "Action": {
+          "type": "string",
+          "enum": [
+            "DEACTIVATE"
+          ]
+        }
+      },
+      "required": [
+        "Action"
+      ],
+      "additionalProperties": false
+    }
+  },
+  "properties": {
+    "ActionName": {
+      "description": "A unique identifier for the mitigation action.",
+      "type": "string",
+      "pattern": "[a-zA-Z0-9:_-]+",
+      "minLength": 1,
+      "maxLength": 128
+    },
+    "RoleArn": {
+      "type": "string"
+    },
+    "Tags": {
+      "type": "array",
+      "maxItems": 50,
+      "uniqueItems": true,
+      "insertionOrder": false,
+      "description": "An array of key-value pairs to apply to this resource.",
+      "items": {
+        "$ref": "#/definitions/Tag"
+      }
+    },
+    "ActionParams": {
+      "$ref": "#/definitions/ActionParams"
+    },
+    "MitigationActionArn": {
+      "type": "string"
+    },
+    "MitigationActionId": {
+      "type": "string"
+    }
+  },
+  "additionalProperties": false,
+  "primaryIdentifier": [
+    "/properties/ActionName"
+  ],
+  "required": [
+    "RoleArn",
+    "ActionParams"
+  ],
+  "createOnlyProperties": [
+    "/properties/ActionName"
+  ],
+  "readOnlyProperties": [
+    "/properties/MitigationActionArn",
+    "/properties/MitigationActionId"
+  ],
+  "handlers": {
+    "create": {
+      "permissions": [
+        "iot:CreateMitigationAction",
+        "iam:PassRole"
+      ]
+    },
+    "read": {
+      "permissions": [
+        "iot:DescribeMitigationAction",
+        "iot:ListTagsForResource"
+      ]
+    },
+    "update": {
+      "permissions": [
+        "iot:UpdateMitigationAction",
+        "iot:ListTagsForResource",
+        "iot:UntagResource",
+        "iot:TagResource",
+        "iam:PassRole"
+      ]
+    },
+    "delete": {
+      "permissions": [
+        "iot:DescribeMitigationAction",
+        "iot:DeleteMitigationAction"
+      ]
+    },
+    "list": {
+      "permissions": [
+        "iot:ListMitigationActions"
+      ]
+    }
+  }
+}
diff --git a/aws-iot-mitigationaction/inputs/inputs_1_create.json b/aws-iot-mitigationaction/inputs/inputs_1_create.json
@@ -0,0 +1,15 @@
+{
+  "ActionName": "CfnContractTest",
+  "RoleArn": "{{RoleForDeviceDefenderAuditArn}}",
+  "ActionParams": {
+    "PublishFindingToSnsParams": {
+      "TopicArn": "{{TopicForDeviceDefenderAuditCreateArn}}"
+    }
+  },
+  "Tags": [
+    {
+      "Key": "testTagKey",
+      "Value": "tagValue"
+    }
+  ]
+}
diff --git a/aws-iot-mitigationaction/inputs/inputs_1_invalid.json b/aws-iot-mitigationaction/inputs/inputs_1_invalid.json
@@ -0,0 +1,10 @@
+{
+  "ActionName": "CfnContractTest",
+  "RoleArn": "{{RoleForDeviceDefenderAuditArn}}",
+  "ActionParams": {
+    "PublishFindingToSnsParams": {
+      "TopicArn": "{{TopicForDeviceDefenderAuditCreateArn}}"
+    }
+  },
+  "MitigationActionId": "This is a read only property"
+}
diff --git a/aws-iot-mitigationaction/inputs/inputs_1_update.json b/aws-iot-mitigationaction/inputs/inputs_1_update.json
@@ -0,0 +1,9 @@
+{
+  "ActionName": "CfnContractTest",
+  "RoleArn": "{{RoleForDeviceDefenderAuditArn}}",
+  "ActionParams": {
+    "PublishFindingToSnsParams": {
+      "TopicArn": "{{TopicForDeviceDefenderAuditUpdateArn}}"
+    }
+  }
+}
diff --git a/aws-iot-mitigationaction/lombok.config b/aws-iot-mitigationaction/lombok.config
@@ -0,0 +1 @@
+lombok.addLombokGeneratedAnnotation = true