AWS::SecurityHub::DelegatedAdmin
The AWS::SecurityHub::DelegatedAdmin resource designates the delegated AWS Security Hub administrator account for an organization. You must enable the integration between Security Hub and AWS Organizations before you can designate a delegated Security Hub administrator. Only the management account for an organization can designate the delegated Security Hub administrator account. For more information, see Designating the delegated Security Hub administrator in the AWS Security Hub User Guide.
To change the delegated administrator account, remove the current delegated administrator account, and then designate the new account.
To designate multiple delegated administrators in different organizations and AWS Regions, we recommend using AWS CloudFormation mappings.
Tags aren't supported for this resource.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::SecurityHub::DelegatedAdmin",
  "Properties" : {
    "AdminAccountId" : String
  }
}
YAML
Type: AWS::SecurityHub::DelegatedAdmin
Properties:
  AdminAccountId: String
Properties
AdminAccountId
The AWS account identifier of the account to designate as the Security Hub administrator account.
Required: Yes
Type: String
Pattern: ^[0-9]{12}$
Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the delegated Security Hub administrator account. The format is accountID/Region. For example, 123456789012/us-west-2.
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
DelegatedAdminIdentifier
The ID of the delegated Security Hub administrator account, in the format of accountID/Region.
Status
Whether the delegated Security Hub administrator is set for the organization.
Examples
Designating the delegated Security Hub administrator
The following example designates the specified AWS account as the delegated Security Hub administrator for an organization.
JSON
{
  "Description": "Example template to create the delegated Security Hub administrator",
  "Resources": {
    "SecurityHubDelegatedAdmin": {
      "Type": "AWS::SecurityHub::DelegatedAdmin",
      "Properties": {
        "AdminAccountId": "123456789012"
      }
    }
  }
}
YAML
Description: Example template to create the delegated Security Hub administrator
Resources:
  SecurityHubDelegatedAdmin:
    Type: 'AWS::SecurityHub::DelegatedAdmin'
    Properties:
      AdminAccountId: '123456789012'
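The introduction recommends AWS CloudFormation mappings when designating delegated administrators across organizations and AWS Regions. The following template is an added illustration of that approach and is not part of the AWS reference; the OrgAlias parameter, the DelegatedAdminMap name, and all account IDs are constructed placeholders.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Designate the delegated Security Hub administrator from a Region/organization map
Parameters:
  # Hypothetical parameter: identifies which organization's management
  # account the stack is being deployed from.
  OrgAlias:
    Type: String
    AllowedValues: [OrgA, OrgB]
Mappings:
  # Hypothetical map name. Top-level key is the Region the stack runs in,
  # second-level key is the organization alias. Account IDs are placeholders
  # and must match the AdminAccountId pattern ^[0-9]{12}$.
  DelegatedAdminMap:
    us-west-2:
      OrgA: '111111111111'
      OrgB: '222222222222'
    eu-west-1:
      OrgA: '111111111111'
      OrgB: '222222222222'
Resources:
  SecurityHubDelegatedAdmin:
    Type: AWS::SecurityHub::DelegatedAdmin
    Properties:
      # The lookup fails, and with it the stack operation, when the stack is
      # launched in a Region that has no entry in the map, so the map also
      # acts as an allow-list of Regions where a designation may be made.
      AdminAccountId: !FindInMap [DelegatedAdminMap, !Ref 'AWS::Region', !Ref OrgAlias]
Outputs:
  # Ref returns accountID/Region, for example 111111111111/us-west-2.
  DelegatedAdminRef:
    Value: !Ref SecurityHubDelegatedAdmin
  DelegatedAdminIdentifier:
    Value: !GetAtt SecurityHubDelegatedAdmin.DelegatedAdminIdentifier
  # Surface Status so a pipeline or reviewer can confirm the designation is set.
  DelegatedAdminStatus:
    Value: !GetAtt SecurityHubDelegatedAdmin.Status
```

Because AdminAccountId requires replacement on update, changing a value in the map replaces the resource; the stack must be run from the organization's management account.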