We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

aws-native.securityhub.ConfigurationPolicy

    The AWS::SecurityHub::ConfigurationPolicy resource represents the Central Configuration Policy in your account.

    Create ConfigurationPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    TypeScript:
    new ConfigurationPolicy(name: string, args: ConfigurationPolicyArgs, opts?: CustomResourceOptions);

    Python:
    @overload
    def ConfigurationPolicy(resource_name: str,
                            args: ConfigurationPolicyArgs,
                            opts: Optional[ResourceOptions] = None)

    @overload
    def ConfigurationPolicy(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            configuration_policy: Optional[ConfigurationPolicyPolicyArgs] = None,
                            description: Optional[str] = None,
                            name: Optional[str] = None,
                            tags: Optional[Mapping[str, str]] = None)

    Go:
    func NewConfigurationPolicy(ctx *Context, name string, args ConfigurationPolicyArgs, opts ...ResourceOption) (*ConfigurationPolicy, error)

    C#:
    public ConfigurationPolicy(string name, ConfigurationPolicyArgs args, CustomResourceOptions? opts = null)

    Java:
    public ConfigurationPolicy(String name, ConfigurationPolicyArgs args)
    public ConfigurationPolicy(String name, ConfigurationPolicyArgs args, CustomResourceOptions options)

    YAML:
    type: aws-native:securityhub:ConfigurationPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.

    Parameters

    TypeScript:
    name string
    The unique name of the resource.
    args ConfigurationPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Python:
    resource_name str
    The unique name of the resource.
    args ConfigurationPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.

    Go:
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ConfigurationPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.

    C#:
    name string
    The unique name of the resource.
    args ConfigurationPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Java:
    name String
    The unique name of the resource.
    args ConfigurationPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    ConfigurationPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ConfigurationPolicy resource accepts the following input properties:

    ConfigurationPolicyValue Pulumi.AwsNative.SecurityHub.Inputs.ConfigurationPolicyPolicy
    An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
    Description string
    The description of the configuration policy.
    Name string
    The name of the configuration policy.
    Tags Dictionary<string, string>
    User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide.
    ConfigurationPolicy ConfigurationPolicyPolicyArgs
    An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
    Description string
    The description of the configuration policy.
    Name string
    The name of the configuration policy.
    Tags map[string]string
    User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide.
    configurationPolicy ConfigurationPolicyPolicy
    An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
    description String
    The description of the configuration policy.
    name String
    The name of the configuration policy.
    tags Map<String,String>
    User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide.
    configurationPolicy ConfigurationPolicyPolicy
    An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
    description string
    The description of the configuration policy.
    name string
    The name of the configuration policy.
    tags {[key: string]: string}
    User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide.
    configuration_policy ConfigurationPolicyPolicyArgs
    An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
    description str
    The description of the configuration policy.
    name str
    The name of the configuration policy.
    tags Mapping[str, str]
    User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide.
    configurationPolicy Property Map
    An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
    description String
    The description of the configuration policy.
    name String
    The name of the configuration policy.
    tags Map<String>
    User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ConfigurationPolicy resource produces the following output properties:

    Arn string
    The Amazon Resource Name (ARN) of the configuration policy.
    AwsId string
    The universally unique identifier (UUID) of the configuration policy.
    CreatedAt string
    The date and time, in UTC and ISO 8601 format.
    Id string
    The provider-assigned unique ID for this managed resource.
    ServiceEnabled bool
    Indicates whether the service that the configuration policy applies to is enabled in the policy.
    UpdatedAt string
    The date and time, in UTC and ISO 8601 format.
    Arn string
    The Amazon Resource Name (ARN) of the configuration policy.
    AwsId string
    The universally unique identifier (UUID) of the configuration policy.
    CreatedAt string
    The date and time, in UTC and ISO 8601 format.
    Id string
    The provider-assigned unique ID for this managed resource.
    ServiceEnabled bool
    Indicates whether the service that the configuration policy applies to is enabled in the policy.
    UpdatedAt string
    The date and time, in UTC and ISO 8601 format.
    arn String
    The Amazon Resource Name (ARN) of the configuration policy.
    awsId String
    The universally unique identifier (UUID) of the configuration policy.
    createdAt String
    The date and time, in UTC and ISO 8601 format.
    id String
    The provider-assigned unique ID for this managed resource.
    serviceEnabled Boolean
    Indicates whether the service that the configuration policy applies to is enabled in the policy.
    updatedAt String
    The date and time, in UTC and ISO 8601 format.
    arn string
    The Amazon Resource Name (ARN) of the configuration policy.
    awsId string
    The universally unique identifier (UUID) of the configuration policy.
    createdAt string
    The date and time, in UTC and ISO 8601 format.
    id string
    The provider-assigned unique ID for this managed resource.
    serviceEnabled boolean
    Indicates whether the service that the configuration policy applies to is enabled in the policy.
    updatedAt string
    The date and time, in UTC and ISO 8601 format.
    arn str
    The Amazon Resource Name (ARN) of the configuration policy.
    aws_id str
    The universally unique identifier (UUID) of the configuration policy.
    created_at str
    The date and time, in UTC and ISO 8601 format.
    id str
    The provider-assigned unique ID for this managed resource.
    service_enabled bool
    Indicates whether the service that the configuration policy applies to is enabled in the policy.
    updated_at str
    The date and time, in UTC and ISO 8601 format.
    arn String
    The Amazon Resource Name (ARN) of the configuration policy.
    awsId String
    The universally unique identifier (UUID) of the configuration policy.
    createdAt String
    The date and time, in UTC and ISO 8601 format.
    id String
    The provider-assigned unique ID for this managed resource.
    serviceEnabled Boolean
    Indicates whether the service that the configuration policy applies to is enabled in the policy.
    updatedAt String
    The date and time, in UTC and ISO 8601 format.

    Supporting Types

    ConfigurationPolicyParameterConfiguration, ConfigurationPolicyParameterConfigurationArgs

    ValueType Pulumi.AwsNative.SecurityHub.ConfigurationPolicyParameterConfigurationValueType
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
    Value Pulumi.AwsNative.SecurityHub.Inputs.ConfigurationPolicyParameterValue
    ValueType ConfigurationPolicyParameterConfigurationValueType
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
    Value ConfigurationPolicyParameterValue
    valueType ConfigurationPolicyParameterConfigurationValueType
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
    value ConfigurationPolicyParameterValue
    valueType ConfigurationPolicyParameterConfigurationValueType
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
    value ConfigurationPolicyParameterValue
    value_type ConfigurationPolicyParameterConfigurationValueType
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
    value ConfigurationPolicyParameterValue
    valueType "DEFAULT" | "CUSTOM"
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
    value Property Map

    ConfigurationPolicyParameterConfigurationValueType, ConfigurationPolicyParameterConfigurationValueTypeArgs

    Default
    DEFAULT
    Custom
    CUSTOM
    ConfigurationPolicyParameterConfigurationValueTypeDefault
    DEFAULT
    ConfigurationPolicyParameterConfigurationValueTypeCustom
    CUSTOM
    Default
    DEFAULT
    Custom
    CUSTOM
    Default
    DEFAULT
    Custom
    CUSTOM
    DEFAULT
    DEFAULT
    CUSTOM
    CUSTOM
    "DEFAULT"
    DEFAULT
    "CUSTOM"
    CUSTOM

    ConfigurationPolicyParameterValue, ConfigurationPolicyParameterValueArgs

    Boolean bool
    A control parameter that is a boolean.
    Double double
    A control parameter that is a double.
    Enum string
    A control parameter that is an enum.
    EnumList List<string>
    A control parameter that is a list of enums.
    Integer int
    A control parameter that is an integer.
    IntegerList List<int>
    A control parameter that is a list of integers.
    String string
    A control parameter that is a string.
    StringList List<string>
    A control parameter that is a list of strings.
    Boolean bool
    A control parameter that is a boolean.
    Double float64
    A control parameter that is a double.
    Enum string
    A control parameter that is an enum.
    EnumList []string
    A control parameter that is a list of enums.
    Integer int
    A control parameter that is an integer.
    IntegerList []int
    A control parameter that is a list of integers.
    String string
    A control parameter that is a string.
    StringList []string
    A control parameter that is a list of strings.
    boolean_ Boolean
    A control parameter that is a boolean.
    double_ Double
    A control parameter that is a double.
    enumList List<String>
    A control parameter that is a list of enums.
    enum_ String
    A control parameter that is an enum.
    integer Integer
    A control parameter that is an integer.
    integerList List<Integer>
    A control parameter that is a list of integers.
    string String
    A control parameter that is a string.
    stringList List<String>
    A control parameter that is a list of strings.
    boolean boolean
    A control parameter that is a boolean.
    double number
    A control parameter that is a double.
    enum string
    A control parameter that is an enum.
    enumList string[]
    A control parameter that is a list of enums.
    integer number
    A control parameter that is an integer.
    integerList number[]
    A control parameter that is a list of integers.
    string string
    A control parameter that is a string.
    stringList string[]
    A control parameter that is a list of strings.
    boolean bool
    A control parameter that is a boolean.
    double float
    A control parameter that is a double.
    enum str
    A control parameter that is an enum.
    enum_list Sequence[str]
    A control parameter that is a list of enums.
    integer int
    A control parameter that is an integer.
    integer_list Sequence[int]
    A control parameter that is a list of integers.
    string str
    A control parameter that is a string.
    string_list Sequence[str]
    A control parameter that is a list of strings.
    boolean Boolean
    A control parameter that is a boolean.
    double Number
    A control parameter that is a double.
    enum String
    A control parameter that is an enum.
    enumList List<String>
    A control parameter that is a list of enums.
    integer Number
    A control parameter that is an integer.
    integerList List<Number>
    A control parameter that is a list of integers.
    string String
    A control parameter that is a string.
    stringList List<String>
    A control parameter that is a list of strings.

    ConfigurationPolicyPolicy, ConfigurationPolicyPolicyArgs

    SecurityHub Pulumi.AwsNative.SecurityHub.Inputs.ConfigurationPolicySecurityHubPolicy
    The AWS service that the configuration policy applies to.
    SecurityHub ConfigurationPolicySecurityHubPolicy
    The AWS service that the configuration policy applies to.
    securityHub ConfigurationPolicySecurityHubPolicy
    The AWS service that the configuration policy applies to.
    securityHub ConfigurationPolicySecurityHubPolicy
    The AWS service that the configuration policy applies to.
    security_hub ConfigurationPolicySecurityHubPolicy
    The AWS service that the configuration policy applies to.
    securityHub Property Map
    The AWS service that the configuration policy applies to.

    ConfigurationPolicySecurityControlCustomParameter, ConfigurationPolicySecurityControlCustomParameterArgs

    Parameters Dictionary<string, Pulumi.AwsNative.SecurityHub.Inputs.ConfigurationPolicyParameterConfiguration>
    An object that specifies parameter values for a control in a configuration policy.
    SecurityControlId string
    The ID of the security control.
    Parameters map[string]ConfigurationPolicyParameterConfiguration
    An object that specifies parameter values for a control in a configuration policy.
    SecurityControlId string
    The ID of the security control.
    parameters Map<String,ConfigurationPolicyParameterConfiguration>
    An object that specifies parameter values for a control in a configuration policy.
    securityControlId String
    The ID of the security control.
    parameters {[key: string]: ConfigurationPolicyParameterConfiguration}
    An object that specifies parameter values for a control in a configuration policy.
    securityControlId string
    The ID of the security control.
    parameters Mapping[str, ConfigurationPolicyParameterConfiguration]
    An object that specifies parameter values for a control in a configuration policy.
    security_control_id str
    The ID of the security control.
    parameters Map<Property Map>
    An object that specifies parameter values for a control in a configuration policy.
    securityControlId String
    The ID of the security control.

    ConfigurationPolicySecurityControlsConfiguration, ConfigurationPolicySecurityControlsConfigurationArgs

    DisabledSecurityControlIdentifiers List<string>
    A list of security controls that are disabled in the configuration policy.
    EnabledSecurityControlIdentifiers List<string>
    A list of security controls that are enabled in the configuration policy.
    SecurityControlCustomParameters List<Pulumi.AwsNative.SecurityHub.Inputs.ConfigurationPolicySecurityControlCustomParameter>
    A list of security controls and control parameter values that are included in a configuration policy.
    DisabledSecurityControlIdentifiers []string
    A list of security controls that are disabled in the configuration policy.
    EnabledSecurityControlIdentifiers []string
    A list of security controls that are enabled in the configuration policy.
    SecurityControlCustomParameters []ConfigurationPolicySecurityControlCustomParameter
    A list of security controls and control parameter values that are included in a configuration policy.
    disabledSecurityControlIdentifiers List<String>
    A list of security controls that are disabled in the configuration policy.
    enabledSecurityControlIdentifiers List<String>
    A list of security controls that are enabled in the configuration policy.
    securityControlCustomParameters List<ConfigurationPolicySecurityControlCustomParameter>
    A list of security controls and control parameter values that are included in a configuration policy.
    disabledSecurityControlIdentifiers string[]
    A list of security controls that are disabled in the configuration policy.
    enabledSecurityControlIdentifiers string[]
    A list of security controls that are enabled in the configuration policy.
    securityControlCustomParameters ConfigurationPolicySecurityControlCustomParameter[]
    A list of security controls and control parameter values that are included in a configuration policy.
    disabled_security_control_identifiers Sequence[str]
    A list of security controls that are disabled in the configuration policy.
    enabled_security_control_identifiers Sequence[str]
    A list of security controls that are enabled in the configuration policy.
    security_control_custom_parameters Sequence[ConfigurationPolicySecurityControlCustomParameter]
    A list of security controls and control parameter values that are included in a configuration policy.
    disabledSecurityControlIdentifiers List<String>
    A list of security controls that are disabled in the configuration policy.
    enabledSecurityControlIdentifiers List<String>
    A list of security controls that are enabled in the configuration policy.
    securityControlCustomParameters List<Property Map>
    A list of security controls and control parameter values that are included in a configuration policy.

    ConfigurationPolicySecurityHubPolicy, ConfigurationPolicySecurityHubPolicyArgs

    EnabledStandardIdentifiers List<string>
    A list that defines which security standards are enabled in the configuration policy.
    SecurityControlsConfiguration Pulumi.AwsNative.SecurityHub.Inputs.ConfigurationPolicySecurityControlsConfiguration

    An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

    This property is required only if ServiceEnabled is set to true in your configuration policy.

    ServiceEnabled bool
    Indicates whether Security Hub is enabled in the policy.
    EnabledStandardIdentifiers []string
    A list that defines which security standards are enabled in the configuration policy.
    SecurityControlsConfiguration ConfigurationPolicySecurityControlsConfiguration

    An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

    This property is required only if ServiceEnabled is set to true in your configuration policy.

    ServiceEnabled bool
    Indicates whether Security Hub is enabled in the policy.
    enabledStandardIdentifiers List<String>
    A list that defines which security standards are enabled in the configuration policy.
    securityControlsConfiguration ConfigurationPolicySecurityControlsConfiguration

    An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

    This property is required only if ServiceEnabled is set to true in your configuration policy.

    serviceEnabled Boolean
    Indicates whether Security Hub is enabled in the policy.
    enabledStandardIdentifiers string[]
    A list that defines which security standards are enabled in the configuration policy.
    securityControlsConfiguration ConfigurationPolicySecurityControlsConfiguration

    An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

    This property is required only if ServiceEnabled is set to true in your configuration policy.

    serviceEnabled boolean
    Indicates whether Security Hub is enabled in the policy.
    enabled_standard_identifiers Sequence[str]
    A list that defines which security standards are enabled in the configuration policy.
    security_controls_configuration ConfigurationPolicySecurityControlsConfiguration

    An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

    This property is required only if ServiceEnabled is set to true in your configuration policy.

    service_enabled bool
    Indicates whether Security Hub is enabled in the policy.
    enabledStandardIdentifiers List<String>
    A list that defines which security standards are enabled in the configuration policy.
    securityControlsConfiguration Property Map

    An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

    This property is required only if ServiceEnabled is set to true in your configuration policy.

    serviceEnabled Boolean
    Indicates whether Security Hub is enabled in the policy.
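
The rules this page states for ConfigurationPolicySecurityHubPolicy, ConfigurationPolicySecurityControlsConfiguration and ConfigurationPolicyParameterConfiguration can be checked on a Python dictionary literal before it is passed as `configuration_policy`. The lint below is an added example, not code from Pulumi or AWS: `lint_policy`, `lint_parameters` and `sample_policy` are hypothetical helpers, the sample standard ARN, control IDs and parameter name are constructed, and the "not both lists" and "exactly one typed value" checks are assumptions of the example.

```python
# Added example: lint a `configuration_policy` dict literal before deployment.
# Key names are the Python property names listed on this page; the standard ARN,
# control IDs and parameter name in the samples are constructed for illustration.
VALUE_FIELDS = {"boolean", "double", "enum", "enum_list",
                "integer", "integer_list", "string", "string_list"}


def lint_parameters(control_id, parameters):
    """Check each ConfigurationPolicyParameterConfiguration of one control."""
    findings = []
    for name, cfg in parameters.items():
        where = f"{control_id}.{name}"
        value = cfg.get("value") or {}
        given = sorted(k for k, v in value.items() if v is not None)
        if cfg.get("value_type") not in ("DEFAULT", "CUSTOM"):
            findings.append(("error", f"{where}: value_type must be DEFAULT or CUSTOM"))
        elif cfg["value_type"] == "CUSTOM":
            if any(k not in VALUE_FIELDS for k in given):
                findings.append(("error", f"{where}: unknown value field"))
            elif len(given) != 1:
                # Assumption of this example: CUSTOM sets exactly one typed field.
                findings.append(("error", f"{where}: CUSTOM needs exactly one typed value"))
    return findings


def lint_policy(policy):
    """Return (severity, message) findings for a ConfigurationPolicyPolicy dict."""
    hub = policy.get("security_hub")
    if not isinstance(hub, dict):
        return [("error", "security_hub is missing")]
    if not hub.get("service_enabled"):
        return [("warn", "service_enabled is false: the policy disables Security Hub")]
    findings = []
    if not hub.get("enabled_standard_identifiers"):
        findings.append(("warn", "no security standards are enabled"))
    controls = hub.get("security_controls_configuration")
    if controls is None:
        findings.append(("error", "security_controls_configuration is required "
                                  "when service_enabled is true"))
        return findings
    enabled = controls.get("enabled_security_control_identifiers")
    disabled = controls.get("disabled_security_control_identifiers")
    if enabled is not None and disabled is not None:
        # Assumption of this example: the two lists are alternatives.
        findings.append(("error", "set the enabled or the disabled control list, not both"))
    elif enabled is not None:
        findings.append(("warn", "enabled-list mode: every other control, including "
                                 "newly released ones, is disabled"))
    for entry in controls.get("security_control_custom_parameters") or []:
        findings += lint_parameters(entry.get("security_control_id", "<no id>"),
                                    entry.get("parameters") or {})
    return findings


STANDARD = ("arn:aws:securityhub:us-east-1::standards/"
            "aws-foundational-security-best-practices/v/1.0.0")


def sample_policy(mode, controls, value):
    """Build a constructed policy using the enabled or the disabled control list."""
    cfg = {"value_type": "CUSTOM"}
    if value is not None:
        cfg["value"] = value
    return {"security_hub": {
        "service_enabled": True,
        "enabled_standard_identifiers": [STANDARD],
        "security_controls_configuration": {
            f"{mode}_security_control_identifiers": controls,
            "security_control_custom_parameters": [
                {"security_control_id": "ACM.1", "parameters": {"daysToExpiration": cfg}}],
        },
    }}


if __name__ == "__main__":
    samples = {"disabled-list": sample_policy("disabled", ["CloudTrail.2"], {"integer": 15}),
               "enabled-list": sample_policy("enabled", ["IAM.6", "S3.1"], None)}
    for label, policy in samples.items():
        print(label, lint_policy(policy) or "no findings")
```

A dictionary that passes the lint can be supplied as the `configuration_policy` argument of the Python constructor, since object inputs may be given as dictionary literals.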

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0