CreateFindingAggregator - AWS Security Hub

CreateFindingAggregator

Used to enable finding aggregation. Must be called from the aggregation Region.

For more details about cross-Region replication, see Configuring finding aggregation in the AWS Security Hub User Guide.

Request Syntax

POST /findingAggregator/create HTTP/1.1 Content-type: application/json { "RegionLinkingMode": "string", "Regions": [ "string" ] }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

RegionLinkingMode

Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.

The selected option also determines how to use the Regions provided in the Regions list.

The options are as follows:

  • ALL_REGIONS - Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.

  • ALL_REGIONS_EXCEPT_SPECIFIED - Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.

  • SPECIFIED_REGIONS - Indicates to aggregate findings only from the Regions listed in the Regions parameter. Security Hub does not automatically aggregate findings from new Regions.

Type: String

Pattern: .*\S.*

Required: Yes

Regions

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a comma-separated list of Regions that do not aggregate findings to the aggregation Region.

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a comma-separated list of Regions that do aggregate findings to the aggregation Region.

Type: Array of strings

Pattern: .*\S.*

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "FindingAggregationRegion": "string", "FindingAggregatorArn": "string", "RegionLinkingMode": "string", "Regions": [ "string" ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

FindingAggregationRegion

The aggregation Region.

Type: String

Pattern: .*\S.*

FindingAggregatorArn

The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and stop finding aggregation.

Type: String

Pattern: .*\S.*

RegionLinkingMode

Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions.

Type: String

Pattern: .*\S.*

Regions

The list of excluded Regions or included Regions.

Type: Array of strings

Pattern: .*\S.*

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You don't have permission to perform the action specified in the request.

HTTP Status Code: 403

InternalException

Internal server error.

HTTP Status Code: 500

InvalidAccessException

There is an issue with the account used to make the request. Either Security Hub is not enabled for the account, or the account does not have permission to perform this action.

HTTP Status Code: 401

InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

HTTP Status Code: 400

LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS account or throttling limits. The error code describes the limit exceeded.

HTTP Status Code: 429

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: