Resource: awsSecurityhubOrganizationAdminAccount

Manages a Security Hub administrator account for an organization. The AWS account utilizing this resource must be an Organizations primary account. More information about Organizations support in Security Hub can be found in the Security Hub User Guide.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as aws from "./.gen/providers/aws";
/*The constructs below need a scope, so they are created inside a stack. The class name is illustrative.*/
class SecurityHubAdminStack extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    /*Organization with trusted access enabled for Security Hub.*/
    const awsOrganizationsOrganizationExample =
      new aws.organizationsOrganization.OrganizationsOrganization(
        this,
        "example",
        {
          awsServiceAccessPrincipals: ["securityhub.amazonaws.com"],
          featureSet: "ALL",
        }
      );
    const awsSecurityhubAccountExample =
      new aws.securityhubAccount.SecurityhubAccount(this, "example_1", {});
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    awsSecurityhubAccountExample.overrideLogicalId("example");
    const awsSecurityhubOrganizationAdminAccountExample =
      new aws.securityhubOrganizationAdminAccount.SecurityhubOrganizationAdminAccount(
        this,
        "example_2",
        {
          adminAccountId: "123456789012",
          /*Designate the administrator only after the organization exists. CDKTF takes the construct itself in dependsOn.*/
          dependsOn: [awsOrganizationsOrganizationExample],
        }
      );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    awsSecurityhubOrganizationAdminAccountExample.overrideLogicalId("example");
    /*Automatically enable Security Hub for new organization member accounts.*/
    const awsSecurityhubOrganizationConfigurationExample =
      new aws.securityhubOrganizationConfiguration.SecurityhubOrganizationConfiguration(
        this,
        "example_3",
        {
          autoEnable: true,
        }
      );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    awsSecurityhubOrganizationConfigurationExample.overrideLogicalId("example");
  }
}

Argument Reference

The following arguments are supported:

  • adminAccountId - (Required) The AWS account identifier of the account to designate as the Security Hub administrator account.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - AWS account identifier.

Import

Security Hub Organization Admin Accounts can be imported using the AWS account ID, e.g.,

$ terraform import aws_securityhub_organization_admin_account.example 123456789012