interface SecurityHubPolicyProperty

Language	Type name
.NET	Amazon.CDK.AWS.SecurityHub.CfnConfigurationPolicy.SecurityHubPolicyProperty
Go	github.com/aws/aws-cdk-go/awscdk/v2/awssecurityhub#CfnConfigurationPolicy_SecurityHubPolicyProperty
Java	software.amazon.awscdk.services.securityhub.CfnConfigurationPolicy.SecurityHubPolicyProperty
Python	aws_cdk.aws_securityhub.CfnConfigurationPolicy.SecurityHubPolicyProperty
TypeScript	aws-cdk-lib » aws_securityhub » CfnConfigurationPolicy » SecurityHubPolicyProperty

An object that defines how AWS Security Hub is configured.

The configuration policy includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-configurationpolicy-securityhubpolicy.html

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_securityhub as securityhub } from 'aws-cdk-lib';
const securityHubPolicyProperty: securityhub.CfnConfigurationPolicy.SecurityHubPolicyProperty = {
  enabledStandardIdentifiers: ['enabledStandardIdentifiers'],
  securityControlsConfiguration: {
    disabledSecurityControlIdentifiers: ['disabledSecurityControlIdentifiers'],
    enabledSecurityControlIdentifiers: ['enabledSecurityControlIdentifiers'],
    securityControlCustomParameters: [{
      parameters: {
        parametersKey: {
          valueType: 'valueType',

          // the properties below are optional
          value: {
            boolean: false,
            double: 123,
            enum: 'enum',
            enumList: ['enumList'],
            integer: 123,
            integerList: [123],
            string: 'string',
            stringList: ['stringList'],
          },
        },
      },
      securityControlId: 'securityControlId',
    }],
  },
  serviceEnabled: false,
};

Properties

Name	Type	Description
enabledStandardIdentifiers?	string[]	A list that defines which security standards are enabled in the configuration policy.
securityControlsConfiguration?	IResolvable | SecurityControlsConfigurationProperty	An object that defines which security controls are enabled in the configuration policy.
serviceEnabled?	boolean | IResolvable	Indicates whether Security Hub is enabled in the policy.

---

enabledStandardIdentifiers?

Type: string[] (optional)

A list that defines which security standards are enabled in the configuration policy.

This property is required only if ServiceEnabled is set to true in your configuration policy.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-configurationpolicy-securityhubpolicy.html#cfn-securityhub-configurationpolicy-securityhubpolicy-enabledstandardidentifiers

---

securityControlsConfiguration?

Type: IResolvable | SecurityControlsConfigurationProperty (optional)

An object that defines which security controls are enabled in the configuration policy.

The enablement status of a control is aligned across all of the enabled standards in an account.

This property is required only if ServiceEnabled is set to true in your configuration policy.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-configurationpolicy-securityhubpolicy.html#cfn-securityhub-configurationpolicy-securityhubpolicy-securitycontrolsconfiguration

---

serviceEnabled?

Type: boolean | IResolvable (optional)

Indicates whether Security Hub is enabled in the policy.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-configurationpolicy-securityhubpolicy.html#cfn-securityhub-configurationpolicy-securityhubpolicy-serviceenabled