in source/resources/helper/lib/iot-helper.js [202:323]
updateIoTDeviceDefender(action, snsRoleArn, snsTargetArn, auditRoleArn) {
Logger.log(
Logger.levels.ROBUST,
`iotHelper - updateIoTDeviceDefender`
);
// Handling Promise Rejection
process.on('unhandledRejection', error => {
throw error;
});
return new Promise((resolve, reject) => {
let iot = new AWS.Iot({
region: process.env.AWS_REGION,
});
let scheduledAuditName = 'SmartProductDeviceDefenderAudit';
if ('Create' === action) {
// Updates Account Audit Configuration
let params = {
auditCheckConfigurations: {
REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK: {
enabled: true
},
REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK: {
enabled: true
},
DEVICE_CERTIFICATE_SHARED_CHECK: {
enabled: true
},
LOGGING_DISABLED_CHECK: {
enabled: true
},
AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK: {
enabled: true
},
UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK: {
enabled: true
},
CONFLICTING_CLIENT_IDS_CHECK: {
enabled: true
},
DEVICE_CERTIFICATE_EXPIRING_CHECK: {
enabled: true
},
IOT_POLICY_OVERLY_PERMISSIVE_CHECK: {
enabled: true
},
CA_CERTIFICATE_EXPIRING_CHECK: {
enabled: true
}
},
auditNotificationTargetConfigurations: {
SNS: {
enabled: true,
roleArn: snsRoleArn,
targetArn: snsTargetArn
}
},
roleArn: auditRoleArn
};
iot.updateAccountAuditConfiguration(params, (err, _data) => {
if (err) {
Logger.error(
Logger.levels.INFO,
`${err}`
);
reject(`Error to update account audit configuration: ${action}`);
} else {
// Creates scheduled audit
params = {
frequency: "DAILY",
scheduledAuditName: scheduledAuditName,
targetCheckNames: [
"CONFLICTING_CLIENT_IDS_CHECK",
"DEVICE_CERTIFICATE_SHARED_CHECK",
"AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK",
"DEVICE_CERTIFICATE_EXPIRING_CHECK",
"CA_CERTIFICATE_EXPIRING_CHECK",
"UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK",
"LOGGING_DISABLED_CHECK",
"IOT_POLICY_OVERLY_PERMISSIVE_CHECK",
"REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK",
"REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK"
]
}
iot.createScheduledAudit(params, (err, data) => {
if (err) {
Logger.error(
Logger.levels.INFO,
`${err}`
);
reject('Error to create scheduled audit');
} else {
resolve(data);
}
});
}
});
} else if ('Delete' === action) {
// Deletes account audit configuration & scheduled audit
let params = {
deleteScheduledAudits: true
};
iot.deleteAccountAuditConfiguration(params, function (err, data) {
if (err) {
Logger.error(
Logger.levels.INFO,
`${err}`
);
reject('Error to delete account audit configuration and scheduled audit');
} else {
resolve(data);
}
});
} else {
reject(`Unsupported action to update IoT search index: ${action}`);
}
});
}