Resource: awsSecurityhubFindingAggregator
Manages a Security Hub finding aggregator. Security Hub needs to be enabled in a region in order for the aggregator to pull through findings.
Example Usage
All Regions Usage
The following example will enable the aggregator for every region.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsSecurityhubAccountExample =
new aws.securityhubAccount.SecurityhubAccount(this, "example", {});
const awsSecurityhubFindingAggregatorExample =
new aws.securityhubFindingAggregator.SecurityhubFindingAggregator(
this,
"example_1",
{
depends_on: [`\${${awsSecurityhubAccountExample.fqn}}`],
linkingMode: "ALL_REGIONS",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsSecurityhubFindingAggregatorExample.overrideLogicalId("example");
All Regions Except Specified Regions Usage
The following example will enable the aggregator for every region except those specified in specifiedRegions
.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsSecurityhubAccountExample =
new aws.securityhubAccount.SecurityhubAccount(this, "example", {});
const awsSecurityhubFindingAggregatorExample =
new aws.securityhubFindingAggregator.SecurityhubFindingAggregator(
this,
"example_1",
{
depends_on: [`\${${awsSecurityhubAccountExample.fqn}}`],
linkingMode: "ALL_REGIONS_EXCEPT_SPECIFIED",
specifiedRegions: ["eu-west-1", "eu-west-2"],
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsSecurityhubFindingAggregatorExample.overrideLogicalId("example");
Specified Regions Usage
The following example will enable the aggregator for every region specified in specifiedRegions
.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsSecurityhubAccountExample =
new aws.securityhubAccount.SecurityhubAccount(this, "example", {});
const awsSecurityhubFindingAggregatorExample =
new aws.securityhubFindingAggregator.SecurityhubFindingAggregator(
this,
"example_1",
{
depends_on: [`\${${awsSecurityhubAccountExample.fqn}}`],
linkingMode: "SPECIFIED_REGIONS",
specifiedRegions: ["eu-west-1", "eu-west-2"],
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsSecurityhubFindingAggregatorExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
linkingMode
- (Required) Indicates whether to aggregate findings from all of the available Regions or from a specified list. The options areALL_REGIONS
,ALL_REGIONS_EXCEPT_SPECIFIED
orSPECIFIED_REGIONS
. WhenALL_REGIONS
orALL_REGIONS_EXCEPT_SPECIFIED
are used, Security Hub will automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.specifiedRegions
- (Optional) List of regions to include or exclude (required iflinkingMode
is set toALL_REGIONS_EXCEPT_SPECIFIED
orSPECIFIED_REGIONS
)
Attributes Reference
In addition to all arguments above, the following attributes are exported:
arn
- Amazon Resource Name (ARN) of the Security Hub finding aggregator.
Import
An existing Security Hub finding aggregator can be imported using the arn
, e.g.,