AWS::SecurityHub::ConfigurationPolicy SecurityHubPolicy

An object that defines how Amazon Security Hub is configured. The configuration policy includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON


{
  "EnabledStandardIdentifiers" : [ String, ... ],
  "SecurityControlsConfiguration" : SecurityControlsConfiguration,
  "ServiceEnabled" : Boolean
}

YAML


  EnabledStandardIdentifiers: 
    - String
  SecurityControlsConfiguration: 
    SecurityControlsConfiguration
  ServiceEnabled: Boolean

Properties

EnabledStandardIdentifiers

A list that defines which security standards are enabled in the configuration policy.

Required: No

Type: Array of String

Maximum: 2048 | 1000

Update requires: No interruption

SecurityControlsConfiguration

An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

Required: No

Type: SecurityControlsConfiguration

Update requires: No interruption

ServiceEnabled

Indicates whether Security Hub is enabled in the policy.

Required: No

Type: Boolean

Update requires: No interruption

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

SecurityControlsConfiguration

AWS::SecurityHub::DelegatedAdmin