:doc:`IoT <../../iot>` / Client / describe_audit_finding

**********************
describe_audit_finding
**********************



.. py:method:: IoT.Client.describe_audit_finding(**kwargs)

  

  Gets information about a single audit finding. Properties include the reason for noncompliance, the severity of the issue, and the start time when the audit that returned the finding.

   

  Requires permission to access the `DescribeAuditFinding <https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions>`__ action.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/iot-2015-05-28/DescribeAuditFinding>`_  


  **Request Syntax**
  ::

    response = client.describe_audit_finding(
        findingId='string'
    )
    
  :type findingId: string
  :param findingId: **[REQUIRED]** 

    A unique identifier for a single audit finding. You can use this identifier to apply mitigation actions to the finding.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'finding': {
              'findingId': 'string',
              'taskId': 'string',
              'checkName': 'string',
              'taskStartTime': datetime(2015, 1, 1),
              'findingTime': datetime(2015, 1, 1),
              'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW',
              'nonCompliantResource': {
                  'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE'|'ISSUER_CERTIFICATE',
                  'resourceIdentifier': {
                      'deviceCertificateId': 'string',
                      'caCertificateId': 'string',
                      'cognitoIdentityPoolId': 'string',
                      'clientId': 'string',
                      'policyVersionIdentifier': {
                          'policyName': 'string',
                          'policyVersionId': 'string'
                      },
                      'account': 'string',
                      'iamRoleArn': 'string',
                      'roleAliasArn': 'string',
                      'issuerCertificateIdentifier': {
                          'issuerCertificateSubject': 'string',
                          'issuerId': 'string',
                          'issuerCertificateSerialNumber': 'string'
                      },
                      'deviceCertificateArn': 'string'
                  },
                  'additionalInfo': {
                      'string': 'string'
                  }
              },
              'relatedResources': [
                  {
                      'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE'|'ISSUER_CERTIFICATE',
                      'resourceIdentifier': {
                          'deviceCertificateId': 'string',
                          'caCertificateId': 'string',
                          'cognitoIdentityPoolId': 'string',
                          'clientId': 'string',
                          'policyVersionIdentifier': {
                              'policyName': 'string',
                              'policyVersionId': 'string'
                          },
                          'account': 'string',
                          'iamRoleArn': 'string',
                          'roleAliasArn': 'string',
                          'issuerCertificateIdentifier': {
                              'issuerCertificateSubject': 'string',
                              'issuerId': 'string',
                              'issuerCertificateSerialNumber': 'string'
                          },
                          'deviceCertificateArn': 'string'
                      },
                      'additionalInfo': {
                          'string': 'string'
                      }
                  },
              ],
              'reasonForNonCompliance': 'string',
              'reasonForNonComplianceCode': 'string',
              'isSuppressed': True|False
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **finding** *(dict) --* 

        The findings (results) of the audit.

        
        

        - **findingId** *(string) --* 

          A unique identifier for this set of audit findings. This identifier is used to apply mitigation tasks to one or more sets of findings.

          
        

        - **taskId** *(string) --* 

          The ID of the audit that generated this result (finding).

          
        

        - **checkName** *(string) --* 

          The audit check that generated this result.

          
        

        - **taskStartTime** *(datetime) --* 

          The time the audit started.

          
        

        - **findingTime** *(datetime) --* 

          The time the result (finding) was discovered.

          
        

        - **severity** *(string) --* 

          The severity of the result (finding).

          
        

        - **nonCompliantResource** *(dict) --* 

          The resource that was found to be noncompliant with the audit check.

          
          

          - **resourceType** *(string) --* 

            The type of the noncompliant resource.

            
          

          - **resourceIdentifier** *(dict) --* 

            Information that identifies the noncompliant resource.

            
            

            - **deviceCertificateId** *(string) --* 

              The ID of the certificate attached to the resource.

              
            

            - **caCertificateId** *(string) --* 

              The ID of the CA certificate used to authorize the certificate.

              
            

            - **cognitoIdentityPoolId** *(string) --* 

              The ID of the Amazon Cognito identity pool.

              
            

            - **clientId** *(string) --* 

              The client ID.

              
            

            - **policyVersionIdentifier** *(dict) --* 

              The version of the policy associated with the resource.

              
              

              - **policyName** *(string) --* 

                The name of the policy.

                
              

              - **policyVersionId** *(string) --* 

                The ID of the version of the policy associated with the resource.

                
          
            

            - **account** *(string) --* 

              The account with which the resource is associated.

              
            

            - **iamRoleArn** *(string) --* 

              The ARN of the IAM role that has overly permissive actions.

              
            

            - **roleAliasArn** *(string) --* 

              The ARN of the role alias that has overly permissive actions.

              
            

            - **issuerCertificateIdentifier** *(dict) --* 

              The issuer certificate identifier.

              
              

              - **issuerCertificateSubject** *(string) --* 

                The subject of the issuer certificate.

                
              

              - **issuerId** *(string) --* 

                The issuer ID.

                
              

              - **issuerCertificateSerialNumber** *(string) --* 

                The issuer certificate serial number.

                
          
            

            - **deviceCertificateArn** *(string) --* 

              The ARN of the identified device certificate.

              
        
          

          - **additionalInfo** *(dict) --* 

            Other information about the noncompliant resource.

            
            

            - *(string) --* 
              

              - *(string) --* 
        
      
      
        

        - **relatedResources** *(list) --* 

          The list of related resources.

          
          

          - *(dict) --* 

            Information about a related resource.

            
            

            - **resourceType** *(string) --* 

              The type of resource.

              
            

            - **resourceIdentifier** *(dict) --* 

              Information that identifies the resource.

              
              

              - **deviceCertificateId** *(string) --* 

                The ID of the certificate attached to the resource.

                
              

              - **caCertificateId** *(string) --* 

                The ID of the CA certificate used to authorize the certificate.

                
              

              - **cognitoIdentityPoolId** *(string) --* 

                The ID of the Amazon Cognito identity pool.

                
              

              - **clientId** *(string) --* 

                The client ID.

                
              

              - **policyVersionIdentifier** *(dict) --* 

                The version of the policy associated with the resource.

                
                

                - **policyName** *(string) --* 

                  The name of the policy.

                  
                

                - **policyVersionId** *(string) --* 

                  The ID of the version of the policy associated with the resource.

                  
            
              

              - **account** *(string) --* 

                The account with which the resource is associated.

                
              

              - **iamRoleArn** *(string) --* 

                The ARN of the IAM role that has overly permissive actions.

                
              

              - **roleAliasArn** *(string) --* 

                The ARN of the role alias that has overly permissive actions.

                
              

              - **issuerCertificateIdentifier** *(dict) --* 

                The issuer certificate identifier.

                
                

                - **issuerCertificateSubject** *(string) --* 

                  The subject of the issuer certificate.

                  
                

                - **issuerId** *(string) --* 

                  The issuer ID.

                  
                

                - **issuerCertificateSerialNumber** *(string) --* 

                  The issuer certificate serial number.

                  
            
              

              - **deviceCertificateArn** *(string) --* 

                The ARN of the identified device certificate.

                
          
            

            - **additionalInfo** *(dict) --* 

              Other information about the resource.

              
              

              - *(string) --* 
                

                - *(string) --* 
          
        
        
      
        

        - **reasonForNonCompliance** *(string) --* 

          The reason the resource was noncompliant.

          
        

        - **reasonForNonComplianceCode** *(string) --* 

          A code that indicates the reason that the resource was noncompliant.

          
        

        - **isSuppressed** *(boolean) --* 

          Indicates whether the audit finding was suppressed or not during reporting.

          
    
  
  **Exceptions**
  
  *   :py:class:`IoT.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`IoT.Client.exceptions.InvalidRequestException`

  
  *   :py:class:`IoT.Client.exceptions.ThrottlingException`

  
  *   :py:class:`IoT.Client.exceptions.InternalFailureException`

  