AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

aws.securityhub.ConfigurationPolicy


    Manages a Security Hub configuration policy.

    NOTE: This resource requires aws.securityhub.OrganizationConfiguration to be configured with configuration type CENTRAL. More information about Security Hub central configuration and configuration policies can be found in the How Security Hub configuration policies work documentation.

    Example Usage

    Default standards enabled

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // Finding aggregator using the ALL_REGIONS linking mode; the organization
    // configuration below is ordered after it via dependsOn.
    const example = new aws.securityhub.FindingAggregator("example", {linkingMode: "ALL_REGIONS"});
    // Organization configuration of type CENTRAL, which this page's NOTE states is
    // required before a ConfigurationPolicy can be used.
    const exampleOrganizationConfiguration = new aws.securityhub.OrganizationConfiguration("example", {
        autoEnable: false,
        autoEnableStandards: "NONE",
        organizationConfiguration: {
            configurationType: "CENTRAL",
        },
    }, {
        dependsOn: [example],
    });
    // NOTE(review): this example only declares the policy; nothing here associates it
    // with accounts or OUs, so confirm separately which targets it is applied to.
    const exampleConfigurationPolicy = new aws.securityhub.ConfigurationPolicy("example", {
        name: "Example",
        description: "This is an example configuration policy",
        configurationPolicy: {
            serviceEnabled: true,
            // NOTE(review): the first ARN pins us-east-1; confirm it matches the Region
            // the policy is managed from.
            enabledStandardArns: [
                "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
                "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
            ],
            securityControlsConfiguration: {
                // Empty list: this policy does not explicitly disable any control.
                disabledControlIdentifiers: [],
            },
        },
    }, {
        dependsOn: [exampleOrganizationConfiguration],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    # Finding aggregator using the ALL_REGIONS linking mode; the organization
    # configuration below is ordered after it via depends_on.
    example = aws.securityhub.FindingAggregator("example", linking_mode="ALL_REGIONS")
    # Organization configuration of type CENTRAL, which this page's NOTE states is
    # required before a ConfigurationPolicy can be used.
    example_organization_configuration = aws.securityhub.OrganizationConfiguration("example",
        auto_enable=False,
        auto_enable_standards="NONE",
        organization_configuration={
            "configuration_type": "CENTRAL",
        },
        opts = pulumi.ResourceOptions(depends_on=[example]))
    # NOTE(review): this example only declares the policy; nothing here associates it
    # with accounts or OUs, so confirm separately which targets it is applied to.
    example_configuration_policy = aws.securityhub.ConfigurationPolicy("example",
        name="Example",
        description="This is an example configuration policy",
        configuration_policy={
            "service_enabled": True,
            # NOTE(review): the first ARN pins us-east-1; confirm it matches the Region
            # the policy is managed from.
            "enabled_standard_arns": [
                "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
                "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
            ],
            "security_controls_configuration": {
                # Empty list: this policy does not explicitly disable any control.
                "disabled_control_identifiers": [],
            },
        },
        opts = pulumi.ResourceOptions(depends_on=[example_organization_configuration]))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers three Security Hub resources in dependency order: a finding
    // aggregator, the organization configuration set to CENTRAL, and a
    // configuration policy that enables two standards.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		aggregator, err := securityhub.NewFindingAggregator(ctx, "example", &securityhub.FindingAggregatorArgs{
    			LinkingMode: pulumi.String("ALL_REGIONS"),
    		})
    		if err != nil {
    			return err
    		}

    		// This page's NOTE states that configuration type CENTRAL is required
    		// before a ConfigurationPolicy can be used.
    		orgArgs := &securityhub.OrganizationConfigurationArgs{
    			AutoEnable:          pulumi.Bool(false),
    			AutoEnableStandards: pulumi.String("NONE"),
    			OrganizationConfiguration: &securityhub.OrganizationConfigurationOrganizationConfigurationArgs{
    				ConfigurationType: pulumi.String("CENTRAL"),
    			},
    		}
    		orgConfig, err := securityhub.NewOrganizationConfiguration(ctx, "example", orgArgs,
    			pulumi.DependsOn([]pulumi.Resource{aggregator}))
    		if err != nil {
    			return err
    		}

    		// NOTE(review): the first ARN pins us-east-1; confirm it matches the
    		// Region the policy is managed from.
    		standards := pulumi.StringArray{
    			pulumi.String("arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0"),
    			pulumi.String("arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"),
    		}
    		policyArgs := &securityhub.ConfigurationPolicyArgs{
    			Name:        pulumi.String("Example"),
    			Description: pulumi.String("This is an example configuration policy"),
    			ConfigurationPolicy: &securityhub.ConfigurationPolicyConfigurationPolicyArgs{
    				ServiceEnabled:      pulumi.Bool(true),
    				EnabledStandardArns: standards,
    				SecurityControlsConfiguration: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationArgs{
    					// Empty list: this policy does not explicitly disable any control.
    					DisabledControlIdentifiers: pulumi.StringArray{},
    				},
    			},
    		}
    		// NOTE(review): nothing here associates the policy with accounts or
    		// OUs; confirm separately which targets it is applied to.
    		_, err = securityhub.NewConfigurationPolicy(ctx, "example", policyArgs,
    			pulumi.DependsOn([]pulumi.Resource{orgConfig}))
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    // Declares a finding aggregator, the CENTRAL organization configuration that this
    // page's NOTE requires, and a configuration policy enabling two standards.
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.SecurityHub.FindingAggregator("example", new()
        {
            LinkingMode = "ALL_REGIONS",
        });
    
        var exampleOrganizationConfiguration = new Aws.SecurityHub.OrganizationConfiguration("example", new()
        {
            AutoEnable = false,
            AutoEnableStandards = "NONE",
            OrganizationConfigurationDetails = new Aws.SecurityHub.Inputs.OrganizationConfigurationOrganizationConfigurationArgs
            {
                ConfigurationType = "CENTRAL",
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                example,
            },
        });
    
        // NOTE(review): this example only declares the policy; nothing here associates it
        // with accounts or OUs, so confirm separately which targets it is applied to.
        var exampleConfigurationPolicy = new Aws.SecurityHub.ConfigurationPolicy("example", new()
        {
            Name = "Example",
            Description = "This is an example configuration policy",
            ConfigurationPolicyDetails = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicyArgs
            {
                ServiceEnabled = true,
                // NOTE(review): the first ARN pins us-east-1; confirm it matches the Region
                // the policy is managed from.
                EnabledStandardArns = new[]
                {
                    "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
                    "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
                },
                SecurityControlsConfiguration = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationArgs
                {
                    // Empty list: this policy does not explicitly disable any control.
                    DisabledControlIdentifiers = new() { },
                },
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                exampleOrganizationConfiguration,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.securityhub.FindingAggregator;
    import com.pulumi.aws.securityhub.FindingAggregatorArgs;
    import com.pulumi.aws.securityhub.OrganizationConfiguration;
    import com.pulumi.aws.securityhub.OrganizationConfigurationArgs;
    import com.pulumi.aws.securityhub.inputs.OrganizationConfigurationOrganizationConfigurationArgs;
    import com.pulumi.aws.securityhub.ConfigurationPolicy;
    import com.pulumi.aws.securityhub.ConfigurationPolicyArgs;
    import com.pulumi.aws.securityhub.inputs.ConfigurationPolicyConfigurationPolicyArgs;
    import com.pulumi.aws.securityhub.inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Declares a finding aggregator, the CENTRAL organization configuration that this
     * page's NOTE requires, and a configuration policy enabling two standards.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new FindingAggregator("example", FindingAggregatorArgs.builder()
                .linkingMode("ALL_REGIONS")
                .build());
    
            var exampleOrganizationConfiguration = new OrganizationConfiguration("exampleOrganizationConfiguration", OrganizationConfigurationArgs.builder()
                .autoEnable(false)
                .autoEnableStandards("NONE")
                .organizationConfiguration(OrganizationConfigurationOrganizationConfigurationArgs.builder()
                    .configurationType("CENTRAL")
                    .build())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(example)
                    .build());
    
            // NOTE(review): this example only declares the policy; nothing here associates it
            // with accounts or OUs, so confirm separately which targets it is applied to.
            // NOTE(review): the first standard ARN pins us-east-1; confirm it matches the
            // Region the policy is managed from.
            var exampleConfigurationPolicy = new ConfigurationPolicy("exampleConfigurationPolicy", ConfigurationPolicyArgs.builder()
                .name("Example")
                .description("This is an example configuration policy")
                .configurationPolicy(ConfigurationPolicyConfigurationPolicyArgs.builder()
                    .serviceEnabled(true)
                    .enabledStandardArns(                
                        "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
                        "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0")
                    .securityControlsConfiguration(ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationArgs.builder()
                        // Called with no arguments: this policy does not explicitly disable any control.
                        .disabledControlIdentifiers()
                        .build())
                    .build())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(exampleOrganizationConfiguration)
                    .build());
    
        }
    }
    
    # Declares a finding aggregator, the CENTRAL organization configuration that this
    # page's NOTE requires, and a configuration policy enabling two standards.
    # NOTE(review): Pulumi YAML documents the ordering option as `dependsOn`; confirm the
    # lowercase `dependson` key used below is accepted.
    resources:
      example:
        type: aws:securityhub:FindingAggregator
        properties:
          linkingMode: ALL_REGIONS
      exampleOrganizationConfiguration:
        type: aws:securityhub:OrganizationConfiguration
        name: example
        properties:
          autoEnable: false
          autoEnableStandards: NONE
          organizationConfiguration:
            configurationType: CENTRAL
        options:
          dependson:
            - ${example}
      # NOTE(review): this example only declares the policy; nothing here associates it
      # with accounts or OUs, so confirm separately which targets it is applied to.
      exampleConfigurationPolicy:
        type: aws:securityhub:ConfigurationPolicy
        name: example
        properties:
          name: Example
          description: This is an example configuration policy
          configurationPolicy:
            serviceEnabled: true
            # NOTE(review): the first ARN pins us-east-1; confirm it matches the Region
            # the policy is managed from.
            enabledStandardArns:
              - arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0
              - arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0
            securityControlsConfiguration:
              # Empty list: this policy does not explicitly disable any control.
              disabledControlIdentifiers: []
        options:
          dependson:
            - ${exampleOrganizationConfiguration}
    

    Disabled Policy

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // Policy with serviceEnabled: false. NOTE(review): under Security Hub central
    // configuration such a policy turns Security Hub off for the targets it is
    // associated with, so keep its associations narrow and reviewed.
    // NOTE(review): `example` is not declared in this snippet; presumably it is the
    // CENTRAL OrganizationConfiguration that this page's NOTE requires — confirm.
    const disabled = new aws.securityhub.ConfigurationPolicy("disabled", {
        name: "Disabled",
        description: "This is an example of disabled configuration policy",
        configurationPolicy: {
            serviceEnabled: false,
        },
    }, {
        dependsOn: [example],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    # Policy with service_enabled False. NOTE(review): under Security Hub central
    # configuration such a policy turns Security Hub off for the targets it is
    # associated with, so keep its associations narrow and reviewed.
    # NOTE(review): `example` is not declared in this snippet; presumably it is the
    # CENTRAL OrganizationConfiguration that this page's NOTE requires — confirm.
    disabled = aws.securityhub.ConfigurationPolicy("disabled",
        name="Disabled",
        description="This is an example of disabled configuration policy",
        configuration_policy={
            "service_enabled": False,
        },
        opts = pulumi.ResourceOptions(depends_on=[example]))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
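    // main declares a configuration policy with Security Hub switched off,
    // together with the central organization configuration it depends on.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// The snippet as published passed an undeclared `example` to DependsOn
    		// and did not compile. NOTE(review): it is assumed to mean the CENTRAL
    		// OrganizationConfiguration that this page's NOTE requires; if the stack
    		// already declares one, depend on that resource instead of creating a
    		// second one here.
    		aggregator, err := securityhub.NewFindingAggregator(ctx, "example", &securityhub.FindingAggregatorArgs{
    			LinkingMode: pulumi.String("ALL_REGIONS"),
    		})
    		if err != nil {
    			return err
    		}
    		example, err := securityhub.NewOrganizationConfiguration(ctx, "example", &securityhub.OrganizationConfigurationArgs{
    			AutoEnable:          pulumi.Bool(false),
    			AutoEnableStandards: pulumi.String("NONE"),
    			OrganizationConfiguration: &securityhub.OrganizationConfigurationOrganizationConfigurationArgs{
    				ConfigurationType: pulumi.String("CENTRAL"),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			aggregator,
    		}))
    		if err != nil {
    			return err
    		}
    		_, err = securityhub.NewConfigurationPolicy(ctx, "disabled", &securityhub.ConfigurationPolicyArgs{
    			Name:        pulumi.String("Disabled"),
    			Description: pulumi.String("This is an example of disabled configuration policy"),
    			ConfigurationPolicy: &securityhub.ConfigurationPolicyConfigurationPolicyArgs{
    				// NOTE(review): under Security Hub central configuration a policy
    				// with ServiceEnabled false turns Security Hub off for the targets
    				// it is associated with; keep its associations narrow and reviewed.
    				ServiceEnabled: pulumi.Bool(false),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			example,
    		}))
    		return err
    	})
    }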
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    // Policy with ServiceEnabled = false. NOTE(review): under Security Hub central
    // configuration such a policy turns Security Hub off for the targets it is
    // associated with, so keep its associations narrow and reviewed.
    // NOTE(review): `example` is not declared in this snippet; presumably it is the
    // CENTRAL OrganizationConfiguration that this page's NOTE requires — confirm.
    return await Deployment.RunAsync(() => 
    {
        var disabled = new Aws.SecurityHub.ConfigurationPolicy("disabled", new()
        {
            Name = "Disabled",
            Description = "This is an example of disabled configuration policy",
            ConfigurationPolicyDetails = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicyArgs
            {
                ServiceEnabled = false,
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                example,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.securityhub.ConfigurationPolicy;
    import com.pulumi.aws.securityhub.ConfigurationPolicyArgs;
    import com.pulumi.aws.securityhub.inputs.ConfigurationPolicyConfigurationPolicyArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Declares a configuration policy with serviceEnabled(false).
     * NOTE(review): under Security Hub central configuration such a policy turns
     * Security Hub off for the targets it is associated with, so keep its
     * associations narrow and reviewed.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // NOTE(review): `example` is not declared in this class; presumably it is the
            // CENTRAL OrganizationConfiguration that this page's NOTE requires — confirm.
            var disabled = new ConfigurationPolicy("disabled", ConfigurationPolicyArgs.builder()
                .name("Disabled")
                .description("This is an example of disabled configuration policy")
                .configurationPolicy(ConfigurationPolicyConfigurationPolicyArgs.builder()
                    .serviceEnabled(false)
                    .build())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(example)
                    .build());
    
        }
    }
    
    # Policy with serviceEnabled: false. NOTE(review): under Security Hub central
    # configuration such a policy turns Security Hub off for the targets it is
    # associated with, so keep its associations narrow and reviewed.
    # NOTE(review): `example` is not declared in this snippet; presumably it is the
    # CENTRAL OrganizationConfiguration that this page's NOTE requires — confirm.
    # NOTE(review): Pulumi YAML documents the ordering option as `dependsOn`; confirm the
    # lowercase `dependson` key used below is accepted.
    resources:
      disabled:
        type: aws:securityhub:ConfigurationPolicy
        properties:
          name: Disabled
          description: This is an example of disabled configuration policy
          configurationPolicy:
            serviceEnabled: false
        options:
          dependson:
            - ${example}
    

    Custom Control Configuration

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // Policy with per-control settings. The variable and resource name "disabled" is
    // reused from the previous example even though this policy has serviceEnabled: true.
    // NOTE(review): `example` is not declared in this snippet; presumably it is the
    // CENTRAL OrganizationConfiguration that this page's NOTE requires — confirm.
    const disabled = new aws.securityhub.ConfigurationPolicy("disabled", {
        name: "Custom Controls",
        description: "This is an example of configuration policy with custom control settings",
        configurationPolicy: {
            serviceEnabled: true,
            enabledStandardArns: [
                "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
                "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
            ],
            securityControlsConfiguration: {
                // NOTE(review): per the Security Hub configuration-policy semantics, an
                // enabled-controls list leaves every control not named here disabled,
                // including newly released ones — confirm that coverage is intended.
                enabledControlIdentifiers: [
                    "APIGateway.1",
                    "IAM.7",
                ],
                securityControlCustomParameters: [
                    {
                        securityControlId: "APIGateway.1",
                        parameters: [{
                            name: "loggingLevel",
                            valueType: "CUSTOM",
                            "enum": {
                                value: "INFO",
                            },
                        }],
                    },
                    {
                        // These values change what the IAM.7 control checks for; nothing
                        // in this resource changes the account's IAM password policy.
                        securityControlId: "IAM.7",
                        parameters: [
                            {
                                // false relaxes the check: the lowercase requirement is
                                // presumably no longer evaluated — confirm.
                                name: "RequireLowercaseCharacters",
                                valueType: "CUSTOM",
                                bool: {
                                    value: false,
                                },
                            },
                            {
                                name: "MaxPasswordAge",
                                valueType: "CUSTOM",
                                int: {
                                    value: 60,
                                },
                            },
                        ],
                    },
                ],
            },
        },
    }, {
        dependsOn: [example],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    # Policy with per-control settings. The variable and resource name "disabled" is
    # reused from the previous example even though this policy has service_enabled True.
    # NOTE(review): `example` is not declared in this snippet; presumably it is the
    # CENTRAL OrganizationConfiguration that this page's NOTE requires — confirm.
    disabled = aws.securityhub.ConfigurationPolicy("disabled",
        name="Custom Controls",
        description="This is an example of configuration policy with custom control settings",
        configuration_policy={
            "service_enabled": True,
            "enabled_standard_arns": [
                "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
                "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
            ],
            "security_controls_configuration": {
                # NOTE(review): per the Security Hub configuration-policy semantics, an
                # enabled-controls list leaves every control not named here disabled,
                # including newly released ones — confirm that coverage is intended.
                "enabled_control_identifiers": [
                    "APIGateway.1",
                    "IAM.7",
                ],
                "security_control_custom_parameters": [
                    {
                        "security_control_id": "APIGateway.1",
                        "parameters": [{
                            "name": "loggingLevel",
                            "value_type": "CUSTOM",
                            "enum": {
                                "value": "INFO",
                            },
                        }],
                    },
                    {
                        # These values change what the IAM.7 control checks for; nothing
                        # in this resource changes the account's IAM password policy.
                        "security_control_id": "IAM.7",
                        "parameters": [
                            {
                                # False relaxes the check: the lowercase requirement is
                                # presumably no longer evaluated — confirm.
                                "name": "RequireLowercaseCharacters",
                                "value_type": "CUSTOM",
                                "bool": {
                                    "value": False,
                                },
                            },
                            {
                                "name": "MaxPasswordAge",
                                "value_type": "CUSTOM",
                                "int": {
                                    "value": 60,
                                },
                            },
                        ],
                    },
                ],
            },
        },
        opts = pulumi.ResourceOptions(depends_on=[example]))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
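    // main declares a configuration policy with per-control settings, together
    // with the central organization configuration it depends on. The resource
    // name "disabled" is kept from the published snippet even though this policy
    // has ServiceEnabled true.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// The snippet as published passed an undeclared `example` to DependsOn
    		// and did not compile. NOTE(review): it is assumed to mean the CENTRAL
    		// OrganizationConfiguration that this page's NOTE requires; if the stack
    		// already declares one, depend on that resource instead of creating a
    		// second one here.
    		aggregator, err := securityhub.NewFindingAggregator(ctx, "example", &securityhub.FindingAggregatorArgs{
    			LinkingMode: pulumi.String("ALL_REGIONS"),
    		})
    		if err != nil {
    			return err
    		}
    		example, err := securityhub.NewOrganizationConfiguration(ctx, "example", &securityhub.OrganizationConfigurationArgs{
    			AutoEnable:          pulumi.Bool(false),
    			AutoEnableStandards: pulumi.String("NONE"),
    			OrganizationConfiguration: &securityhub.OrganizationConfigurationOrganizationConfigurationArgs{
    				ConfigurationType: pulumi.String("CENTRAL"),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			aggregator,
    		}))
    		if err != nil {
    			return err
    		}
    		_, err = securityhub.NewConfigurationPolicy(ctx, "disabled", &securityhub.ConfigurationPolicyArgs{
    			Name:        pulumi.String("Custom Controls"),
    			Description: pulumi.String("This is an example of configuration policy with custom control settings"),
    			ConfigurationPolicy: &securityhub.ConfigurationPolicyConfigurationPolicyArgs{
    				ServiceEnabled: pulumi.Bool(true),
    				EnabledStandardArns: pulumi.StringArray{
    					pulumi.String("arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0"),
    					pulumi.String("arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"),
    				},
    				SecurityControlsConfiguration: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationArgs{
    					// NOTE(review): per the Security Hub configuration-policy
    					// semantics, an enabled-controls list leaves every control not
    					// named here disabled, including newly released ones — confirm
    					// that coverage is intended.
    					EnabledControlIdentifiers: pulumi.StringArray{
    						pulumi.String("APIGateway.1"),
    						pulumi.String("IAM.7"),
    					},
    					SecurityControlCustomParameters: securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterArray{
    						&securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterArgs{
    							SecurityControlId: pulumi.String("APIGateway.1"),
    							Parameters: securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArray{
    								&securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArgs{
    									Name:      pulumi.String("loggingLevel"),
    									ValueType: pulumi.String("CUSTOM"),
    									Enum: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumArgs{
    										Value: pulumi.String("INFO"),
    									},
    								},
    							},
    						},
    						// These values change what the IAM.7 control checks for;
    						// nothing in this resource changes the account's IAM
    						// password policy.
    						&securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterArgs{
    							SecurityControlId: pulumi.String("IAM.7"),
    							Parameters: securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArray{
    								// false relaxes the check: the lowercase requirement
    								// is presumably no longer evaluated — confirm.
    								&securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArgs{
    									Name:      pulumi.String("RequireLowercaseCharacters"),
    									ValueType: pulumi.String("CUSTOM"),
    									Bool: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterBoolArgs{
    										Value: pulumi.Bool(false),
    									},
    								},
    								&securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArgs{
    									Name:      pulumi.String("MaxPasswordAge"),
    									ValueType: pulumi.String("CUSTOM"),
    									Int: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntArgs{
    										Value: pulumi.Int(60),
    									},
    								},
    							},
    						},
    					},
    				},
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			example,
    		}))
    		return err
    	})
    }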
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    // Policy with per-control settings. The variable and resource name "disabled" is
    // reused from the previous example even though this policy has ServiceEnabled = true.
    // NOTE(review): `example` is not declared in this snippet; presumably it is the
    // CENTRAL OrganizationConfiguration that this page's NOTE requires — confirm.
    return await Deployment.RunAsync(() => 
    {
        var disabled = new Aws.SecurityHub.ConfigurationPolicy("disabled", new()
        {
            Name = "Custom Controls",
            Description = "This is an example of configuration policy with custom control settings",
            ConfigurationPolicyDetails = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicyArgs
            {
                ServiceEnabled = true,
                EnabledStandardArns = new[]
                {
                    "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
                    "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
                },
                SecurityControlsConfiguration = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationArgs
                {
                    // NOTE(review): per the Security Hub configuration-policy semantics, an
                    // enabled-controls list leaves every control not named here disabled,
                    // including newly released ones — confirm that coverage is intended.
                    EnabledControlIdentifiers = new[]
                    {
                        "APIGateway.1",
                        "IAM.7",
                    },
                    SecurityControlCustomParameters = new[]
                    {
                        new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterArgs
                        {
                            SecurityControlId = "APIGateway.1",
                            Parameters = new[]
                            {
                                new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArgs
                                {
                                    Name = "loggingLevel",
                                    ValueType = "CUSTOM",
                                    Enum = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumArgs
                                    {
                                        Value = "INFO",
                                    },
                                },
                            },
                        },
                        // These values change what the IAM.7 control checks for; nothing in
                        // this resource changes the account's IAM password policy.
                        new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterArgs
                        {
                            SecurityControlId = "IAM.7",
                            Parameters = new[]
                            {
                                // false relaxes the check: the lowercase requirement is
                                // presumably no longer evaluated — confirm.
                                new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArgs
                                {
                                    Name = "RequireLowercaseCharacters",
                                    ValueType = "CUSTOM",
                                    Bool = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterBoolArgs
                                    {
                                        Value = false,
                                    },
                                },
                                new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArgs
                                {
                                    Name = "MaxPasswordAge",
                                    ValueType = "CUSTOM",
                                    Int = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntArgs
                                    {
                                        Value = 60,
                                    },
                                },
                            },
                        },
                    },
                },
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                example,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.securityhub.ConfigurationPolicy;
    import com.pulumi.aws.securityhub.ConfigurationPolicyArgs;
    import com.pulumi.aws.securityhub.inputs.ConfigurationPolicyConfigurationPolicyArgs;
    import com.pulumi.aws.securityhub.inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Declares a configuration policy with per-control settings. The variable and
     * resource name "disabled" is reused from the previous example even though this
     * policy has serviceEnabled(true).
     * NOTE(review): the import list above this class does not name the
     * ...SecurityControlCustomParameter* Args types used below — confirm it compiles.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // NOTE(review): `example` is not declared in this class; presumably it is the
            // CENTRAL OrganizationConfiguration that this page's NOTE requires — confirm.
            var disabled = new ConfigurationPolicy("disabled", ConfigurationPolicyArgs.builder()
                .name("Custom Controls")
                .description("This is an example of configuration policy with custom control settings")
                .configurationPolicy(ConfigurationPolicyConfigurationPolicyArgs.builder()
                    .serviceEnabled(true)
                    .enabledStandardArns(                
                        "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
                        "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0")
                    .securityControlsConfiguration(ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationArgs.builder()
                        // NOTE(review): per the Security Hub configuration-policy semantics, an
                        // enabled-controls list leaves every control not named here disabled,
                        // including newly released ones — confirm that coverage is intended.
                        .enabledControlIdentifiers(                    
                            "APIGateway.1",
                            "IAM.7")
                        .securityControlCustomParameters(                    
                            ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterArgs.builder()
                                .securityControlId("APIGateway.1")
                                .parameters(ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArgs.builder()
                                    .name("loggingLevel")
                                    .valueType("CUSTOM")
                                    .enum_(ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumArgs.builder()
                                        .value("INFO")
                                        .build())
                                    .build())
                                .build(),
                            // These values change what the IAM.7 control checks for; nothing in
                            // this resource changes the account's IAM password policy.
                            ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterArgs.builder()
                                .securityControlId("IAM.7")
                                .parameters(                            
                                    // false relaxes the check: the lowercase requirement is
                                    // presumably no longer evaluated — confirm.
                                    ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArgs.builder()
                                        .name("RequireLowercaseCharacters")
                                        .valueType("CUSTOM")
                                        .bool(ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterBoolArgs.builder()
                                            .value(false)
                                            .build())
                                        .build(),
                                    ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArgs.builder()
                                        .name("MaxPasswordAge")
                                        .valueType("CUSTOM")
                                        .int_(ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntArgs.builder()
                                            .value(60)
                                            .build())
                                        .build())
                                .build())
                        .build())
                    .build())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(example)
                    .build());
    
        }
    }
    
    # Policy with per-control settings. The resource key "disabled" is reused from the
    # previous example even though this policy has serviceEnabled: true.
    # NOTE(review): `example` is not declared in this snippet; presumably it is the
    # CENTRAL OrganizationConfiguration that this page's NOTE requires — confirm.
    # NOTE(review): Pulumi YAML documents the ordering option as `dependsOn`; confirm the
    # lowercase `dependson` key used below is accepted.
    resources:
      disabled:
        type: aws:securityhub:ConfigurationPolicy
        properties:
          name: Custom Controls
          description: This is an example of configuration policy with custom control settings
          configurationPolicy:
            serviceEnabled: true
            enabledStandardArns:
              - arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0
              - arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0
            securityControlsConfiguration:
              # NOTE(review): per the Security Hub configuration-policy semantics, an
              # enabled-controls list leaves every control not named here disabled,
              # including newly released ones — confirm that coverage is intended.
              enabledControlIdentifiers:
                - APIGateway.1
                - IAM.7
              securityControlCustomParameters:
                - securityControlId: APIGateway.1
                  parameters:
                    - name: loggingLevel
                      valueType: CUSTOM
                      enum:
                        value: INFO
                # These values change what the IAM.7 control checks for; nothing in this
                # resource changes the account's IAM password policy.
                - securityControlId: IAM.7
                  parameters:
                    # false relaxes the check: the lowercase requirement is presumably
                    # no longer evaluated — confirm.
                    - name: RequireLowercaseCharacters
                      valueType: CUSTOM
                      bool:
                        value: false
                    - name: MaxPasswordAge
                      valueType: CUSTOM
                      int:
                        value: 60
        options:
          dependson:
            - ${example}
    

    Create ConfigurationPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ConfigurationPolicy(name: string, args: ConfigurationPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def ConfigurationPolicy(resource_name: str,
                            args: ConfigurationPolicyArgs,
                            opts: Optional[ResourceOptions] = None)
    
    @overload
    def ConfigurationPolicy(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            configuration_policy: Optional[ConfigurationPolicyConfigurationPolicyArgs] = None,
                            description: Optional[str] = None,
                            name: Optional[str] = None)
    func NewConfigurationPolicy(ctx *Context, name string, args ConfigurationPolicyArgs, opts ...ResourceOption) (*ConfigurationPolicy, error)
    public ConfigurationPolicy(string name, ConfigurationPolicyArgs args, CustomResourceOptions? opts = null)
    public ConfigurationPolicy(String name, ConfigurationPolicyArgs args)
    public ConfigurationPolicy(String name, ConfigurationPolicyArgs args, CustomResourceOptions options)
    
    type: aws:securityhub:ConfigurationPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ConfigurationPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ConfigurationPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ConfigurationPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ConfigurationPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ConfigurationPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    // Reference template: every input property is shown with a placeholder value,
    // so this is a shape reference rather than a deployable configuration.
    var configurationPolicyResource = new Aws.SecurityHub.ConfigurationPolicy("configurationPolicyResource", new()
    {
        ConfigurationPolicyDetails = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicyArgs
        {
            ServiceEnabled = false,
            // Must be defined when ServiceEnabled is true.
            EnabledStandardArns = new[]
            {
                "string",
            },
            SecurityControlsConfiguration = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationArgs
            {
                // DisabledControlIdentifiers and EnabledControlIdentifiers conflict: set only one.
                // Deny-list: every control not listed (including newly released ones) is enabled.
                DisabledControlIdentifiers = new[]
                {
                    "string",
                },
                // Allow-list: every control not listed (including newly released ones) is disabled.
                EnabledControlIdentifiers = new[]
                {
                    "string",
                },
                SecurityControlCustomParameters = new[]
                {
                    new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterArgs
                    {
                        Parameters = new[]
                        {
                            new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArgs
                            {
                                Name = "string",
                                ValueType = "string",
                                // All value blocks are listed for reference; the usage examples on
                                // this page set exactly one per parameter (Bool, Int or Enum).
                                Bool = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterBoolArgs
                                {
                                    Value = false,
                                },
                                Double = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterDoubleArgs
                                {
                                    Value = 0,
                                },
                                Enum = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumArgs
                                {
                                    Value = "string",
                                },
                                EnumList = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumListArgs
                                {
                                    Values = new[]
                                    {
                                        "string",
                                    },
                                },
                                Int = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntArgs
                                {
                                    Value = 0,
                                },
                                IntList = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntListArgs
                                {
                                    Values = new[]
                                    {
                                        0,
                                    },
                                },
                                String = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterStringArgs
                                {
                                    Value = "string",
                                },
                                StringList = new Aws.SecurityHub.Inputs.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterStringListArgs
                                {
                                    Values = new[]
                                    {
                                        "string",
                                    },
                                },
                            },
                        },
                        // The control whose parameters are customized above.
                        SecurityControlId = "string",
                    },
                },
            },
        },
        Description = "string",
        Name = "string",
    });
    
    // Reference template: every input property is shown with a placeholder value,
    // so this is a shape reference rather than a deployable configuration.
    // err is not checked in this snippet; handle it before using example.
    example, err := securityhub.NewConfigurationPolicy(ctx, "configurationPolicyResource", &securityhub.ConfigurationPolicyArgs{
    	ConfigurationPolicy: &securityhub.ConfigurationPolicyConfigurationPolicyArgs{
    		ServiceEnabled: pulumi.Bool(false),
    		// Must be defined when ServiceEnabled is true.
    		EnabledStandardArns: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		SecurityControlsConfiguration: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationArgs{
    			// DisabledControlIdentifiers and EnabledControlIdentifiers conflict: set only one.
    			// Deny-list: every control not listed (including newly released ones) is enabled.
    			DisabledControlIdentifiers: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			// Allow-list: every control not listed (including newly released ones) is disabled.
    			EnabledControlIdentifiers: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			SecurityControlCustomParameters: securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterArray{
    				&securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterArgs{
    					Parameters: securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArray{
    						&securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArgs{
    							Name:      pulumi.String("string"),
    							ValueType: pulumi.String("string"),
    							// All value blocks are listed for reference; the usage examples on
    							// this page set exactly one per parameter (Bool, Int or Enum).
    							Bool: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterBoolArgs{
    								Value: pulumi.Bool(false),
    							},
    							Double: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterDoubleArgs{
    								Value: pulumi.Float64(0),
    							},
    							Enum: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumArgs{
    								Value: pulumi.String("string"),
    							},
    							EnumList: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumListArgs{
    								Values: pulumi.StringArray{
    									pulumi.String("string"),
    								},
    							},
    							Int: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntArgs{
    								Value: pulumi.Int(0),
    							},
    							IntList: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntListArgs{
    								Values: pulumi.IntArray{
    									pulumi.Int(0),
    								},
    							},
    							String: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterStringArgs{
    								Value: pulumi.String("string"),
    							},
    							StringList: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterStringListArgs{
    								Values: pulumi.StringArray{
    									pulumi.String("string"),
    								},
    							},
    						},
    					},
    					// The control whose parameters are customized above.
    					SecurityControlId: pulumi.String("string"),
    				},
    			},
    		},
    	},
    	Description: pulumi.String("string"),
    	Name:        pulumi.String("string"),
    })
    
    // Reference template: every input property is shown with a placeholder value,
    // so this is a shape reference rather than a deployable configuration.
    var configurationPolicyResource = new ConfigurationPolicy("configurationPolicyResource", ConfigurationPolicyArgs.builder()
        .configurationPolicy(ConfigurationPolicyConfigurationPolicyArgs.builder()
            .serviceEnabled(false)
            // Must be defined when serviceEnabled is true.
            .enabledStandardArns("string")
            .securityControlsConfiguration(ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationArgs.builder()
                // disabledControlIdentifiers and enabledControlIdentifiers conflict: set only one.
                // Deny-list: every control not listed (including newly released ones) is enabled.
                .disabledControlIdentifiers("string")
                // Allow-list: every control not listed (including newly released ones) is disabled.
                .enabledControlIdentifiers("string")
                .securityControlCustomParameters(ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterArgs.builder()
                    .parameters(ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArgs.builder()
                        .name("string")
                        .valueType("string")
                        // All value blocks are listed for reference; the usage examples on
                        // this page set exactly one per parameter (bool, int_ or enum_).
                        .bool(ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterBoolArgs.builder()
                            .value(false)
                            .build())
                        .double_(ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterDoubleArgs.builder()
                            .value(0)
                            .build())
                        .enum_(ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumArgs.builder()
                            .value("string")
                            .build())
                        .enumList(ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumListArgs.builder()
                            .values("string")
                            .build())
                        .int_(ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntArgs.builder()
                            .value(0)
                            .build())
                        .intList(ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntListArgs.builder()
                            .values(0)
                            .build())
                        .string(ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterStringArgs.builder()
                            .value("string")
                            .build())
                        .stringList(ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterStringListArgs.builder()
                            .values("string")
                            .build())
                        .build())
                    // The control whose parameters are customized above.
                    .securityControlId("string")
                    .build())
                .build())
            .build())
        .description("string")
        .name("string")
        .build());
    
    # Reference template: every input property is shown with a placeholder value,
    # so this is a shape reference rather than a deployable configuration.
    configuration_policy_resource = aws.securityhub.ConfigurationPolicy("configurationPolicyResource",
        configuration_policy={
            "service_enabled": False,
            # Must be defined when service_enabled is true.
            "enabled_standard_arns": ["string"],
            "security_controls_configuration": {
                # disabled_control_identifiers and enabled_control_identifiers conflict: set only one.
                # Deny-list: every control not listed (including newly released ones) is enabled.
                "disabled_control_identifiers": ["string"],
                # Allow-list: every control not listed (including newly released ones) is disabled.
                "enabled_control_identifiers": ["string"],
                "security_control_custom_parameters": [{
                    "parameters": [{
                        "name": "string",
                        "value_type": "string",
                        # All value blocks are listed for reference; the usage examples on
                        # this page set exactly one per parameter (bool, int or enum).
                        "bool": {
                            "value": False,
                        },
                        "double": {
                            "value": 0,
                        },
                        "enum": {
                            "value": "string",
                        },
                        "enum_list": {
                            "values": ["string"],
                        },
                        "int": {
                            "value": 0,
                        },
                        "int_list": {
                            "values": [0],
                        },
                        "string": {
                            "value": "string",
                        },
                        "string_list": {
                            "values": ["string"],
                        },
                    }],
                    # The control whose parameters are customized above.
                    "security_control_id": "string",
                }],
            },
        },
        description="string",
        name="string")
    
    // Reference template: every input property is shown with a placeholder value,
    // so this is a shape reference rather than a deployable configuration.
    const configurationPolicyResource = new aws.securityhub.ConfigurationPolicy("configurationPolicyResource", {
        configurationPolicy: {
            serviceEnabled: false,
            // Must be defined when serviceEnabled is true.
            enabledStandardArns: ["string"],
            securityControlsConfiguration: {
                // disabledControlIdentifiers and enabledControlIdentifiers conflict: set only one.
                // Deny-list: every control not listed (including newly released ones) is enabled.
                disabledControlIdentifiers: ["string"],
                // Allow-list: every control not listed (including newly released ones) is disabled.
                enabledControlIdentifiers: ["string"],
                securityControlCustomParameters: [{
                    parameters: [{
                        name: "string",
                        valueType: "string",
                        // All value blocks are listed for reference; the usage examples on
                        // this page set exactly one per parameter (bool, int or enum).
                        bool: {
                            value: false,
                        },
                        double: {
                            value: 0,
                        },
                        "enum": {
                            value: "string",
                        },
                        enumList: {
                            values: ["string"],
                        },
                        int: {
                            value: 0,
                        },
                        intList: {
                            values: [0],
                        },
                        string: {
                            value: "string",
                        },
                        stringList: {
                            values: ["string"],
                        },
                    }],
                    // The control whose parameters are customized above.
                    securityControlId: "string",
                }],
            },
        },
        description: "string",
        name: "string",
    });
    
    # Reference template: every input property is shown with a placeholder value,
    # so this is a shape reference rather than a deployable configuration.
    type: aws:securityhub:ConfigurationPolicy
    properties:
        configurationPolicy:
            # Must be defined when serviceEnabled is true.
            enabledStandardArns:
                - string
            securityControlsConfiguration:
                # disabledControlIdentifiers and enabledControlIdentifiers conflict: set only one.
                # Deny-list: every control not listed (including newly released ones) is enabled.
                disabledControlIdentifiers:
                    - string
                # Allow-list: every control not listed (including newly released ones) is disabled.
                enabledControlIdentifiers:
                    - string
                securityControlCustomParameters:
                    # All value blocks are listed for reference; the usage examples on
                    # this page set exactly one per parameter (bool, int or enum).
                    - parameters:
                        - bool:
                            value: false
                          double:
                            value: 0
                          enum:
                            value: string
                          enumList:
                            values:
                                - string
                          int:
                            value: 0
                          intList:
                            values:
                                - 0
                          name: string
                          string:
                            value: string
                          stringList:
                            values:
                                - string
                          valueType: string
                      # The control whose parameters are customized above.
                      securityControlId: string
            serviceEnabled: false
        description: string
        name: string
    

    ConfigurationPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ConfigurationPolicy resource accepts the following input properties:

    ConfigurationPolicyDetails ConfigurationPolicyConfigurationPolicy
    Defines how Security Hub is configured. See below.
    Description string
    The description of the configuration policy.
    Name string
    The name of the configuration policy.
    ConfigurationPolicy ConfigurationPolicyConfigurationPolicyArgs
    Defines how Security Hub is configured. See below.
    Description string
    The description of the configuration policy.
    Name string
    The name of the configuration policy.
    configurationPolicy ConfigurationPolicyConfigurationPolicy
    Defines how Security Hub is configured. See below.
    description String
    The description of the configuration policy.
    name String
    The name of the configuration policy.
    configurationPolicy ConfigurationPolicyConfigurationPolicy
    Defines how Security Hub is configured. See below.
    description string
    The description of the configuration policy.
    name string
    The name of the configuration policy.
    configuration_policy ConfigurationPolicyConfigurationPolicyArgs
    Defines how Security Hub is configured. See below.
    description str
    The description of the configuration policy.
    name str
    The name of the configuration policy.
    configurationPolicy Property Map
    Defines how Security Hub is configured. See below.
    description String
    The description of the configuration policy.
    name String
    The name of the configuration policy.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ConfigurationPolicy resource produces the following output properties:

    Arn string
    Id string
    The provider-assigned unique ID for this managed resource.
    Arn string
    Id string
    The provider-assigned unique ID for this managed resource.
    arn String
    id String
    The provider-assigned unique ID for this managed resource.
    arn string
    id string
    The provider-assigned unique ID for this managed resource.
    arn str
    id str
    The provider-assigned unique ID for this managed resource.
    arn String
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing ConfigurationPolicy Resource

    Get an existing ConfigurationPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ConfigurationPolicyState, opts?: CustomResourceOptions): ConfigurationPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arn: Optional[str] = None,
            configuration_policy: Optional[ConfigurationPolicyConfigurationPolicyArgs] = None,
            description: Optional[str] = None,
            name: Optional[str] = None) -> ConfigurationPolicy
    func GetConfigurationPolicy(ctx *Context, name string, id IDInput, state *ConfigurationPolicyState, opts ...ResourceOption) (*ConfigurationPolicy, error)
    public static ConfigurationPolicy Get(string name, Input<string> id, ConfigurationPolicyState? state, CustomResourceOptions? opts = null)
    public static ConfigurationPolicy get(String name, Output<String> id, ConfigurationPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string
    ConfigurationPolicyDetails ConfigurationPolicyConfigurationPolicy
    Defines how Security Hub is configured. See below.
    Description string
    The description of the configuration policy.
    Name string
    The name of the configuration policy.
    Arn string
    ConfigurationPolicy ConfigurationPolicyConfigurationPolicyArgs
    Defines how Security Hub is configured. See below.
    Description string
    The description of the configuration policy.
    Name string
    The name of the configuration policy.
    arn String
    configurationPolicy ConfigurationPolicyConfigurationPolicy
    Defines how Security Hub is configured. See below.
    description String
    The description of the configuration policy.
    name String
    The name of the configuration policy.
    arn string
    configurationPolicy ConfigurationPolicyConfigurationPolicy
    Defines how Security Hub is configured. See below.
    description string
    The description of the configuration policy.
    name string
    The name of the configuration policy.
    arn str
    configuration_policy ConfigurationPolicyConfigurationPolicyArgs
    Defines how Security Hub is configured. See below.
    description str
    The description of the configuration policy.
    name str
    The name of the configuration policy.
    arn String
    configurationPolicy Property Map
    Defines how Security Hub is configured. See below.
    description String
    The description of the configuration policy.
    name String
    The name of the configuration policy.

    Supporting Types

    ConfigurationPolicyConfigurationPolicy, ConfigurationPolicyConfigurationPolicyArgs

    ServiceEnabled bool
    Indicates whether Security Hub is enabled in the policy.
    EnabledStandardArns List<string>
    A list that defines which security standards are enabled in the configuration policy. It must be defined if service_enabled is set to true.
    SecurityControlsConfiguration ConfigurationPolicyConfigurationPolicySecurityControlsConfiguration
    Defines which security controls are enabled in the configuration policy and any customizations to parameters affecting them. See below.
    ServiceEnabled bool
    Indicates whether Security Hub is enabled in the policy.
    EnabledStandardArns []string
    A list that defines which security standards are enabled in the configuration policy. It must be defined if service_enabled is set to true.
    SecurityControlsConfiguration ConfigurationPolicyConfigurationPolicySecurityControlsConfiguration
    Defines which security controls are enabled in the configuration policy and any customizations to parameters affecting them. See below.
    serviceEnabled Boolean
    Indicates whether Security Hub is enabled in the policy.
    enabledStandardArns List<String>
    A list that defines which security standards are enabled in the configuration policy. It must be defined if service_enabled is set to true.
    securityControlsConfiguration ConfigurationPolicyConfigurationPolicySecurityControlsConfiguration
    Defines which security controls are enabled in the configuration policy and any customizations to parameters affecting them. See below.
    serviceEnabled boolean
    Indicates whether Security Hub is enabled in the policy.
    enabledStandardArns string[]
    A list that defines which security standards are enabled in the configuration policy. It must be defined if service_enabled is set to true.
    securityControlsConfiguration ConfigurationPolicyConfigurationPolicySecurityControlsConfiguration
    Defines which security controls are enabled in the configuration policy and any customizations to parameters affecting them. See below.
    service_enabled bool
    Indicates whether Security Hub is enabled in the policy.
    enabled_standard_arns Sequence[str]
    A list that defines which security standards are enabled in the configuration policy. It must be defined if service_enabled is set to true.
    security_controls_configuration ConfigurationPolicyConfigurationPolicySecurityControlsConfiguration
    Defines which security controls are enabled in the configuration policy and any customizations to parameters affecting them. See below.
    serviceEnabled Boolean
    Indicates whether Security Hub is enabled in the policy.
    enabledStandardArns List<String>
    A list that defines which security standards are enabled in the configuration policy. It must be defined if service_enabled is set to true.
    securityControlsConfiguration Property Map
    Defines which security controls are enabled in the configuration policy and any customizations to parameters affecting them. See below.

    ConfigurationPolicyConfigurationPolicySecurityControlsConfiguration, ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationArgs

    DisabledControlIdentifiers List<string>
    A list of security controls that are disabled in the configuration policy. Security Hub enables all other controls (including newly released controls) other than the listed controls. Conflicts with enabled_control_identifiers.
    EnabledControlIdentifiers List<string>
    A list of security controls that are enabled in the configuration policy. Security Hub disables all other controls (including newly released controls) other than the listed controls. Conflicts with disabled_control_identifiers.
    SecurityControlCustomParameters List<ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameter>
    A list of control parameter customizations that are included in a configuration policy. Include multiple blocks to define multiple control custom parameters. See below.
    DisabledControlIdentifiers []string
    A list of security controls that are disabled in the configuration policy. Security Hub enables all other controls (including newly released controls) other than the listed controls. Conflicts with enabled_control_identifiers.
    EnabledControlIdentifiers []string
    A list of security controls that are enabled in the configuration policy. Security Hub disables all other controls (including newly released controls) other than the listed controls. Conflicts with disabled_control_identifiers.
    SecurityControlCustomParameters []ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameter
    A list of control parameter customizations that are included in a configuration policy. Include multiple blocks to define multiple control custom parameters. See below.
    disabledControlIdentifiers List<String>
    A list of security controls that are disabled in the configuration policy. Security Hub enables all other controls (including newly released controls) other than the listed controls. Conflicts with enabled_control_identifiers.
    enabledControlIdentifiers List<String>
    A list of security controls that are enabled in the configuration policy. Security Hub disables all other controls (including newly released controls) other than the listed controls. Conflicts with disabled_control_identifiers.
    securityControlCustomParameters List<ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameter>
    A list of control parameter customizations that are included in a configuration policy. Include multiple blocks to define multiple control custom parameters. See below.
    disabledControlIdentifiers string[]
    A list of security controls that are disabled in the configuration policy. Security Hub enables all other controls (including newly released controls) other than the listed controls. Conflicts with enabled_control_identifiers.
    enabledControlIdentifiers string[]
    A list of security controls that are enabled in the configuration policy. Security Hub disables all other controls (including newly released controls) other than the listed controls. Conflicts with disabled_control_identifiers.
    securityControlCustomParameters ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameter[]
    A list of control parameter customizations that are included in a configuration policy. Include multiple blocks to define multiple control custom parameters. See below.
    disabled_control_identifiers Sequence[str]
    A list of security controls that are disabled in the configuration policy. Security Hub enables all other controls (including newly released controls) other than the listed controls. Conflicts with enabled_control_identifiers.
    enabled_control_identifiers Sequence[str]
    A list of security controls that are enabled in the configuration policy. Security Hub disables all other controls (including newly released controls) other than the listed controls. Conflicts with disabled_control_identifiers.
    security_control_custom_parameters Sequence[ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameter]
    A list of control parameter customizations that are included in a configuration policy. Include multiple blocks to define multiple control custom parameters. See below.
    disabledControlIdentifiers List<String>
    A list of security controls that are disabled in the configuration policy. Security Hub enables all other controls (including newly released controls) other than the listed controls. Conflicts with enabled_control_identifiers.
    enabledControlIdentifiers List<String>
    A list of security controls that are enabled in the configuration policy. Security Hub disables all other controls (including newly released controls) other than the listed controls. Conflicts with disabled_control_identifiers.
    securityControlCustomParameters List<Property Map>
    A list of control parameter customizations that are included in a configuration policy. Include multiple blocks to define multiple control custom parameters. See below.

    ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameter, ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterArgs

    Parameters List<ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameter>
    An object that specifies parameter values for a control in a configuration policy. See below.
    SecurityControlId string
    The ID of the security control. For more information see the [Security Hub controls reference] documentation.
    Parameters []ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameter
    An object that specifies parameter values for a control in a configuration policy. See below.
    SecurityControlId string
    The ID of the security control. For more information see the [Security Hub controls reference] documentation.
    parameters List<ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameter>
    An object that specifies parameter values for a control in a configuration policy. See below.
    securityControlId String
    The ID of the security control. For more information see the [Security Hub controls reference] documentation.
    parameters ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameter[]
    An object that specifies parameter values for a control in a configuration policy. See below.
    securityControlId string
    The ID of the security control. For more information see the [Security Hub controls reference] documentation.
    parameters Sequence[ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameter]
    An object that specifies parameter values for a control in a configuration policy. See below.
    security_control_id str
    The ID of the security control. For more information see the [Security Hub controls reference] documentation.
    parameters List<Property Map>
    An object that specifies parameter values for a control in a configuration policy. See below.
    securityControlId String
    The ID of the security control. For more information see the [Security Hub controls reference] documentation.

    ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameter, ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArgs

    Name string
    The name of the control parameter. For more information see the [Security Hub controls reference] documentation.
    ValueType string
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior. Valid values: DEFAULT, CUSTOM.
    Bool ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterBool
    The bool value for a Boolean-typed Security Hub Control Parameter.
    Double ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterDouble
    The float value for a Double-typed Security Hub Control Parameter.
    Enum ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnum
    The string value for an Enum-typed Security Hub Control Parameter.
    EnumList ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumList
    The string list value for an EnumList-typed Security Hub Control Parameter.
    Int ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterInt
    The int value for an Int-typed Security Hub Control Parameter.
    IntList ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntList
    The int list value for an IntList-typed Security Hub Control Parameter.
    String ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterString
    The string value for a String-typed Security Hub Control Parameter.
    StringList ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterStringList
    The string list value for a StringList-typed Security Hub Control Parameter.
    Name string
    The name of the control parameter. For more information see the [Security Hub controls reference] documentation.
    ValueType string
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior. Valid values: DEFAULT, CUSTOM.
    Bool ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterBool
    The bool value for a Boolean-typed Security Hub Control Parameter.
    Double ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterDouble
    The float value for a Double-typed Security Hub Control Parameter.
    Enum ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnum
    The string value for an Enum-typed Security Hub Control Parameter.
    EnumList ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumList
    The string list value for an EnumList-typed Security Hub Control Parameter.
    Int ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterInt
    The int value for an Int-typed Security Hub Control Parameter.
    IntList ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntList
    The int list value for an IntList-typed Security Hub Control Parameter.
    String ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterString
    The string value for a String-typed Security Hub Control Parameter.
    StringList ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterStringList
    The string list value for a StringList-typed Security Hub Control Parameter.
    name String
    The name of the control parameter. For more information see the [Security Hub controls reference] documentation.
    valueType String
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior. Valid values: DEFAULT, CUSTOM.
    bool ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterBool
    The bool value for a Boolean-typed Security Hub Control Parameter.
    double_ ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterDouble
    The float value for a Double-typed Security Hub Control Parameter.
    enumList ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumList
    The string list value for an EnumList-typed Security Hub Control Parameter.
    enum_ ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnum
    The string value for an Enum-typed Security Hub Control Parameter.
    intList ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntList
    The int list value for an IntList-typed Security Hub Control Parameter.
    int_ ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterInt
    The int value for an Int-typed Security Hub Control Parameter.
    string ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterString
    The string value for a String-typed Security Hub Control Parameter.
    stringList ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterStringList
    The string list value for a StringList-typed Security Hub Control Parameter.
    name string
    The name of the control parameter. For more information see the [Security Hub controls reference] documentation.
    valueType string
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior. Valid values: DEFAULT, CUSTOM.
    bool ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterBool
    The bool value for a Boolean-typed Security Hub Control Parameter.
    double ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterDouble
    The float value for a Double-typed Security Hub Control Parameter.
    enum ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnum
    The string value for an Enum-typed Security Hub Control Parameter.
    enumList ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumList
    The string list value for an EnumList-typed Security Hub Control Parameter.
    int ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterInt
    The int value for an Int-typed Security Hub Control Parameter.
    intList ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntList
    The int list value for an IntList-typed Security Hub Control Parameter.
    string ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterString
    The string value for a String-typed Security Hub Control Parameter.
    stringList ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterStringList
    The string list value for a StringList-typed Security Hub Control Parameter.
    name str
    The name of the control parameter. For more information see the [Security Hub controls reference] documentation.
    value_type str
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior. Valid values: DEFAULT, CUSTOM.
    bool ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterBool
    The bool value for a Boolean-typed Security Hub Control Parameter.
    double ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterDouble
    The float value for a Double-typed Security Hub Control Parameter.
    enum ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnum
    The string value for an Enum-typed Security Hub Control Parameter.
    enum_list ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumList
    The string list value for an EnumList-typed Security Hub Control Parameter.
    int ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterInt
    The int value for an Int-typed Security Hub Control Parameter.
    int_list ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntList
    The int list value for an IntList-typed Security Hub Control Parameter.
    string ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterString
    The string value for a String-typed Security Hub Control Parameter.
    string_list ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterStringList
    The string list value for a StringList-typed Security Hub Control Parameter.
    name String
    The name of the control parameter. For more information see the [Security Hub controls reference] documentation.
    valueType String
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior. Valid values: DEFAULT, CUSTOM.
    bool Property Map
    The bool value for a Boolean-typed Security Hub Control Parameter.
    double Property Map
    The float value for a Double-typed Security Hub Control Parameter.
    enum Property Map
    The string value for an Enum-typed Security Hub Control Parameter.
    enumList Property Map
    The string list value for an EnumList-typed Security Hub Control Parameter.
    int Property Map
    The int value for an Int-typed Security Hub Control Parameter.
    intList Property Map
    The int list value for an IntList-typed Security Hub Control Parameter.
    string Property Map
    The string value for a String-typed Security Hub Control Parameter.
    stringList Property Map
    The string list value for a StringList-typed Security Hub Control Parameter.

    ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterBool, ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterBoolArgs

    Value bool
    Value bool
    value Boolean
    value boolean
    value bool
    value Boolean

    ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterDouble, ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterDoubleArgs

    Value double
    Value float64
    value Double
    value number
    value float
    value Number

    ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnum, ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumArgs

    Value string
    Value string
    value String
    value string
    value str
    value String

    ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumList, ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumListArgs

    Values List<string>
    Values []string
    values List<String>
    values string[]
    values Sequence[str]
    values List<String>

    ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterInt, ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntArgs

    Value int
    Value int
    value Integer
    value number
    value int
    value Number

    ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntList, ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntListArgs

    Values List<int>
    Values []int
    values List<Integer>
    values number[]
    values Sequence[int]
    values List<Number>

    ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterString, ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterStringArgs

    Value string
    Value string
    value String
    value string
    value str
    value String

    ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterStringList, ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterStringListArgs

    Values List<string>
    Values []string
    values List<String>
    values string[]
    values Sequence[str]
    values List<String>

    Import

    Using pulumi import, import an existing Security Hub configuration policy using the universally unique identifier (UUID) of the policy. For example:

    $ pulumi import aws:securityhub/configurationPolicy:ConfigurationPolicy example "00000000-1111-2222-3333-444444444444"
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi