Creating Security Hub resources with Amazon CloudFormation
Amazon Security Hub integrates with Amazon CloudFormation, which is a service that helps you model and set up your Amazon resources so that you can spend less time creating and managing your resources and infrastructure. You create a template that describes all the Amazon resources that you want (such as automation rules), and Amazon CloudFormation provisions and configures those resources for you.
When you use Amazon CloudFormation, you can reuse your template to set up your Security Hub resources consistently and repeatedly. Describe your resources once, and then provision the same resources over and over in multiple Amazon Web Services accounts and Regions.
Security Hub and Amazon CloudFormation templates
To provision and configure resources for Security Hub and related services, you must understand how Amazon CloudFormation templates work. Templates are text files in JSON or YAML format. These templates describe the resources that you want to provision in your Amazon CloudFormation stacks.
If you're unfamiliar with JSON or YAML, you can use Amazon CloudFormation Designer to help you get started with Amazon CloudFormation templates. For more information, see What is Amazon CloudFormation Designer? in the Amazon CloudFormation User Guide.
You can create Amazon CloudFormation templates for the following types of Security Hub resources:
- Enabling Security Hub
- Designating the delegated Security Hub administrator for an organization
- Enabling a security standard
- Creating a custom insight
- Creating an automation rule
- Subscribing to a third-party product integration
For more information, including examples of JSON and YAML templates for resources, see the Amazon Security Hub resource type reference in the Amazon CloudFormation User Guide.
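The following YAML template is an added example, not taken from this guide or the resource type reference. It combines three of the resource types listed above: enabling Security Hub, enabling a security standard, and creating an automation rule. The logical IDs, rule name, tag, criteria, and the choice of standard are assumptions made for illustration. Confirm that the standard ARN is available in your partition and Region before deploying.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Constructed example - enable Security Hub, one standard, and one automation rule

Resources:
  SecurityHub:
    Type: AWS::SecurityHub::Hub
    Properties:
      # Standards are enabled explicitly below, so the template records exactly what is on
      EnableDefaultStandards: false
      Tags:
        ManagedBy: cloudformation   # constructed tag

  FoundationalStandard:
    Type: AWS::SecurityHub::Standard
    DependsOn: SecurityHub          # Security Hub must be enabled before a standard can be
    Properties:
      # Assumed standard; the partition and Region are resolved at deploy time
      StandardsArn: !Sub "arn:${AWS::Partition}:securityhub:${AWS::Region}::standards/aws-foundational-security-best-practices/v/1.0.0"

  EscalateFailedHighRule:
    Type: AWS::SecurityHub::AutomationRule
    DependsOn: SecurityHub
    Properties:
      RuleName: escalate-failed-high-findings   # hypothetical name
      RuleOrder: 10                              # lower numbers are evaluated first
      RuleStatus: ENABLED
      IsTerminal: false                          # later rules can still apply to the finding
      Description: Raise failed HIGH-severity control findings to CRITICAL for triage
      Criteria:
        ComplianceStatus:
          - Value: FAILED
            Comparison: EQUALS
        SeverityLabel:
          - Value: HIGH
            Comparison: EQUALS
      Actions:
        - Type: FINDING_FIELDS_UPDATE
          FindingFieldsUpdate:
            Severity:
              Label: CRITICAL
            Note:
              Text: Severity raised by automation rule; review within the critical SLA.
              UpdatedBy: cloudformation-automation-rule   # constructed identifier
```

Deploying the same template to each account and Region gives every one of them the same enabled standard and the same rule, which keeps finding severity handling consistent across the estate.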
Learn more about Amazon CloudFormation
To learn more about Amazon CloudFormation, see the following resources: