CfnOrganizationConfigurationProps
- class aws_cdk.aws_securityhub.CfnOrganizationConfigurationProps(*, auto_enable, auto_enable_standards=None, configuration_type=None)
Bases:
objectProperties for defining a
CfnOrganizationConfiguration.- Parameters:
auto_enable (
Union[bool,IResolvable]) – Whether to automatically enable Security Hub in new member accounts when they join the organization. If set totrue, then Security Hub is automatically enabled in new accounts. If set tofalse, then Security Hub isn’t enabled in new accounts automatically. The default value isfalse. If theConfigurationTypeof your organization is set toCENTRAL, then this field is set tofalseand can’t be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which Security Hub is enabled and associate the policy with new organization accounts.auto_enable_standards (
Optional[str]) – Whether to automatically enable Security Hub default standards in new member accounts when they join the organization. The default value of this parameter is equal toDEFAULT. If equal toDEFAULT, then Security Hub default standards are automatically enabled for new member accounts. If equal toNONE, then default standards are not automatically enabled for new member accounts. If theConfigurationTypeof your organization is set toCENTRAL, then this field is set toNONEand can’t be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which specific security standards are enabled and associate the policy with new organization accounts.configuration_type (
Optional[str]) – Indicates whether the organization uses local or central configuration. If you use local configuration, the Security Hub delegated administrator can setAutoEnabletotrueandAutoEnableStandardstoDEFAULT. This automatically enables Security Hub and default security standards in new organization accounts. These new account settings must be set separately in each AWS Region , and settings may be different in each Region. If you use central configuration, the delegated administrator can create configuration policies. Configuration policies can be used to configure Security Hub, security standards, and security controls in multiple accounts and Regions. If you want new organization accounts to use a specific configuration, you can create a configuration policy and associate it with the root or specific organizational units (OUs). New accounts will inherit the policy from the root or their assigned OU.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub cfn_organization_configuration_props = securityhub.CfnOrganizationConfigurationProps( auto_enable=False, # the properties below are optional auto_enable_standards="autoEnableStandards", configuration_type="configurationType" )
Attributes
- auto_enable
Whether to automatically enable Security Hub in new member accounts when they join the organization.
If set to
true, then Security Hub is automatically enabled in new accounts. If set tofalse, then Security Hub isn’t enabled in new accounts automatically. The default value isfalse.If the
ConfigurationTypeof your organization is set toCENTRAL, then this field is set tofalseand can’t be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which Security Hub is enabled and associate the policy with new organization accounts.
- auto_enable_standards
//docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html>`_ in new member accounts when they join the organization.
The default value of this parameter is equal to
DEFAULT.If equal to
DEFAULT, then Security Hub default standards are automatically enabled for new member accounts. If equal toNONE, then default standards are not automatically enabled for new member accounts.If the
ConfigurationTypeof your organization is set toCENTRAL, then this field is set toNONEand can’t be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which specific security standards are enabled and associate the policy with new organization accounts.- See:
- Type:
Whether to automatically enable Security Hub `default standards <https
- configuration_type
Indicates whether the organization uses local or central configuration.
If you use local configuration, the Security Hub delegated administrator can set
AutoEnabletotrueandAutoEnableStandardstoDEFAULT. This automatically enables Security Hub and default security standards in new organization accounts. These new account settings must be set separately in each AWS Region , and settings may be different in each Region.If you use central configuration, the delegated administrator can create configuration policies. Configuration policies can be used to configure Security Hub, security standards, and security controls in multiple accounts and Regions. If you want new organization accounts to use a specific configuration, you can create a configuration policy and associate it with the root or specific organizational units (OUs). New accounts will inherit the policy from the root or their assigned OU.