AWS::SecurityHub::ConfigurationPolicy SecurityControlsConfiguration
An object that defines which security controls are enabled in an Amazon Security Hub configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "DisabledSecurityControlIdentifiers" :
[ String, ... ]
, "EnabledSecurityControlIdentifiers" :[ String, ... ]
, "SecurityControlCustomParameters" :[ SecurityControlCustomParameter, ... ]
}
YAML
DisabledSecurityControlIdentifiers:
- String
EnabledSecurityControlIdentifiers:- String
SecurityControlCustomParameters:- SecurityControlCustomParameter
Properties
DisabledSecurityControlIdentifiers
-
A list of security controls that are disabled in the configuration policy. Security Hub enables all other controls (including newly released controls) other than the listed controls.
Required: No
Type: Array of String
Maximum:
2048 | 1000
Update requires: No interruption
EnabledSecurityControlIdentifiers
-
A list of security controls that are enabled in the configuration policy. Security Hub disables all other controls (including newly released controls) other than the listed controls.
Required: No
Type: Array of String
Maximum:
2048 | 1000
Update requires: No interruption
SecurityControlCustomParameters
-
A list of security controls and control parameter values that are included in a configuration policy.
Required: No
Type: Array of SecurityControlCustomParameter
Maximum:
1000
Update requires: No interruption