CfnConfigurationPolicyProps

class aws_cdk.aws_securityhub.CfnConfigurationPolicyProps(*, configuration_policy, name, description=None, tags=None)

Bases: object

Properties for defining a CfnConfigurationPolicy.

Parameters:
  • configuration_policy (Union[IResolvable, PolicyProperty, Dict[str, Any]]) – An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).

  • name (str) – The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: -, ., !, *, / .

  • description (Optional[str]) – The description of the configuration policy.

  • tags (Optional[Mapping[str, str]]) – User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-configurationpolicy.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_securityhub as securityhub

cfn_configuration_policy_props = securityhub.CfnConfigurationPolicyProps(
    configuration_policy=securityhub.CfnConfigurationPolicy.PolicyProperty(
        security_hub=securityhub.CfnConfigurationPolicy.SecurityHubPolicyProperty(
            enabled_standard_identifiers=["enabledStandardIdentifiers"],
            security_controls_configuration=securityhub.CfnConfigurationPolicy.SecurityControlsConfigurationProperty(
                disabled_security_control_identifiers=["disabledSecurityControlIdentifiers"],
                enabled_security_control_identifiers=["enabledSecurityControlIdentifiers"],
                security_control_custom_parameters=[securityhub.CfnConfigurationPolicy.SecurityControlCustomParameterProperty(
                    parameters={
                        "parameters_key": securityhub.CfnConfigurationPolicy.ParameterConfigurationProperty(
                            value_type="valueType",

                            # the properties below are optional
                            value=securityhub.CfnConfigurationPolicy.ParameterValueProperty(
                                boolean=False,
                                double=123,
                                enum="enum",
                                enum_list=["enumList"],
                                integer=123,
                                integer_list=[123],
                                string="string",
                                string_list=["stringList"]
                            )
                        )
                    },
                    security_control_id="securityControlId"
                )]
            ),
            service_enabled=False
        )
    ),
    name="name",

    # the properties below are optional
    description="description",
    tags={
        "tags_key": "tags"
    }
)

Attributes

configuration_policy

An object that defines how AWS Security Hub is configured.

It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-configurationpolicy.html#cfn-securityhub-configurationpolicy-configurationpolicy

description

The description of the configuration policy.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-configurationpolicy.html#cfn-securityhub-configurationpolicy-description

name

The name of the configuration policy.

Alphanumeric characters and the following ASCII characters are permitted: -, ., !, *, / .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-configurationpolicy.html#cfn-securityhub-configurationpolicy-name

tags

User-defined tags associated with a configuration policy.

For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-configurationpolicy.html#cfn-securityhub-configurationpolicy-tags