OrganizationConfiguration - Amazon Security Hub CSPM
ContentsSee Also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

OrganizationConfiguration

Provides information about the way an organization is configured in Amazon Security Hub CSPM.

Contents

ConfigurationType

Indicates whether the organization uses local or central configuration.

If you use local configuration, the Security Hub CSPM delegated administrator can set AutoEnable to true and AutoEnableStandards to DEFAULT. This automatically enables Security Hub CSPM and default security standards in new organization accounts. These new account settings must be set separately in each Amazon Web Services Region, and settings may be different in each Region.

If you use central configuration, the delegated administrator can create configuration policies. Configuration policies can be used to configure Security Hub CSPM, security standards, and security controls in multiple accounts and Regions. If you want new organization accounts to use a specific configuration, you can create a configuration policy and associate it with the root or specific organizational units (OUs). New accounts will inherit the policy from the root or their assigned OU.

Type: String

Valid Values: CENTRAL | LOCAL

Required: No

Status

Describes whether central configuration could be enabled as the ConfigurationType for the organization. If your ConfigurationType is local configuration, then the value of Status is always ENABLED.

Type: String

Valid Values: PENDING | ENABLED | FAILED

Required: No

StatusMessage

Provides an explanation if the value of Status is equal to FAILED when ConfigurationType is equal to CENTRAL.

Type: String

Pattern: .*\S.*

Required: No

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: