AWS::SecurityHub::ConfigurationPolicy SecurityHubPolicy
An object that defines how AWS Security Hub is configured. The configuration policy includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "EnabledStandardIdentifiers" : [ String, ... ],
  "SecurityControlsConfiguration" : SecurityControlsConfiguration,
  "ServiceEnabled" : Boolean
}
YAML
EnabledStandardIdentifiers:
  - String
SecurityControlsConfiguration: SecurityControlsConfiguration
ServiceEnabled: Boolean
Properties
EnabledStandardIdentifiers
A list that defines which security standards are enabled in the configuration policy.
This property is required only if ServiceEnabled is set to true in your configuration policy.
Required: Conditional
Type: Array of String
Maximum: 2048 | 1000
Update requires: No interruption
SecurityControlsConfiguration
An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.
This property is required only if ServiceEnabled is set to true in your configuration policy.
Required: Conditional
Type: SecurityControlsConfiguration
Update requires: No interruption
ServiceEnabled
Indicates whether Security Hub is enabled in the policy.
Required: No
Type: Boolean
Update requires: No interruption
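The conditional requirements and the enabled-list versus disabled-list behavior described above can be checked before a template is deployed. The following is an added example, not part of the AWS reference: the function names are hypothetical, and the child keys EnabledSecurityControlIdentifiers and DisabledSecurityControlIdentifiers are assumed from the SecurityControlsConfiguration type, which this page does not list.

```python
# Added example: lint a SecurityHubPolicy mapping (as parsed from a template)
# against the rules stated on this page. The two child key names below are
# assumed from the SecurityControlsConfiguration type, not shown on this page.
ENABLED = "EnabledSecurityControlIdentifiers"
DISABLED = "DisabledSecurityControlIdentifiers"


def new_control_behavior(policy):
    """Return how controls released after deployment are treated."""
    if not policy.get("ServiceEnabled"):
        return "n/a"
    controls = policy.get("SecurityControlsConfiguration") or {}
    has_enabled, has_disabled = ENABLED in controls, DISABLED in controls
    if has_enabled and not has_disabled:
        return "disabled"  # enabled list given: every other control is off
    if has_disabled and not has_enabled:
        return "enabled"   # disabled list given: every other control is on
    return "undefined"     # neither or both lists: the page defines no behavior


def lint_security_hub_policy(policy):
    """Return a list of findings; an empty list means nothing to flag."""
    findings = []
    if not policy.get("ServiceEnabled"):
        return findings
    for key in ("EnabledStandardIdentifiers", "SecurityControlsConfiguration"):
        if key not in policy:
            findings.append(f"{key} is required when ServiceEnabled is true")
    behavior = new_control_behavior(policy)
    if behavior == "disabled":
        findings.append("enabled list in use: newly released controls stay "
                        "disabled until they are added to the list")
    elif behavior == "undefined" and "SecurityControlsConfiguration" in policy:
        findings.append("provide exactly one of the enabled or disabled lists")
    return findings


# Constructed sample policies (standard ARN and control IDs are sample values).
FSBP = ("arn:aws:securityhub:us-east-1::standards/"
        "aws-foundational-security-best-practices/v/1.0.0")
ALLOW_LIST = {"ServiceEnabled": True, "EnabledStandardIdentifiers": [FSBP],
              "SecurityControlsConfiguration": {ENABLED: ["IAM.6", "S3.1"]}}
DENY_LIST = {"ServiceEnabled": True, "EnabledStandardIdentifiers": [FSBP],
             "SecurityControlsConfiguration": {DISABLED: ["S3.1"]}}
INCOMPLETE = {"ServiceEnabled": True}

if __name__ == "__main__":
    for name, p in [("allow", ALLOW_LIST), ("deny", DENY_LIST), ("incomplete", INCOMPLETE)]:
        print(name, new_control_behavior(p), lint_security_hub_policy(p))
```

A policy built on the disabled list picks up newly released controls automatically, while one built on the enabled list needs a review step each time Security Hub releases controls.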