AWS::SecurityHub::FindingAggregator - Amazon CloudFormation
SyntaxPropertiesReturn valuesExamples
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::SecurityHub::FindingAggregator

The AWS::SecurityHub::FindingAggregator resource enables cross-Region aggregation. When cross-Region aggregation is enabled, you can aggregate findings, finding updates, insights, control compliance statuses, and security scores from one or more linked Regions to a single aggregation Region. You can then view and manage all of this data from the aggregation Region. For more details about cross-Region aggregation, see Cross-Region aggregation in the Amazon Security Hub User Guide

This resource must be created in the Region that you want to designate as your aggregation Region.

Cross-Region aggregation is also a prerequisite for using central configuration in Security Hub.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::SecurityHub::FindingAggregator",
  "Properties" : {
      "RegionLinkingMode" : String,
      "Regions" : [ String, ... ]
    }
}

YAML

Type: AWS::SecurityHub::FindingAggregator
Properties:
  RegionLinkingMode: String
  Regions: 
    - String

Properties

RegionLinkingMode

Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.

The selected option also determines how to use the Regions provided in the Regions list.

The options are as follows:

  • ALL_REGIONS - Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.

  • ALL_REGIONS_EXCEPT_SPECIFIED - Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.

  • SPECIFIED_REGIONS - Indicates to aggregate findings only from the Regions listed in the Regions parameter. Security Hub does not automatically aggregate findings from new Regions.

Required: Yes

Type: String

Allowed values: ALL_REGIONS | ALL_REGIONS_EXCEPT_SPECIFIED | SPECIFIED_REGIONS

Update requires: No interruption

Regions

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.

Required: No

Type: Array of String

Minimum: 1

Maximum: 50

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Amazon Resource Name (ARN) of the finding aggregator. For example, arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

FindingAggregationRegion

The aggregation Region.

FindingAggregatorArn

The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and delete the finding aggregator.

Examples

Configuring Security Hub cross-Region aggregation

The following example configures cross-Region aggregation. The region in which the resource is created is the aggregation Region. In this example, us-east-2 and us-west-1 contribute data to the aggregation Region.

JSON

{
	"Description": "Example template to configure Security Hub cross-Region aggregation",
	"Resources": {
		"SecurityHubFindingAggregator": {
			"Type": "AWS::SecurityHub::FindingAggregator",
			"Properties": {
				"RegionLinkingMode": "SPECIFIED_REGIONS",
				"Regions": ["us-west-1", "us-east-2"]
			}
		}
	}
}

YAML

Description: Example template to configure Security Hub cross-Region aggregation
Resources:
  SecurityHubFindingAggregator:
    Type: 'AWS::SecurityHub::FindingAggregator'
    Properties:
      RegionLinkingMode: 'SPECIFIED_REGIONS'
      Regions:
        - "us-west-1"
        - "us-east-2"