Resource: awsSecurityhubOrganizationConfiguration

Manages the Security Hub Organization Configuration.

~> NOTE: This resource requires an awsSecurityhubOrganizationAdminAccount to be configured (not necessarily with Terraform). More information about managing Security Hub in an organization can be found in the Managing administrator and member accounts documentation.

~> NOTE: This is an advanced Terraform resource. Terraform will automatically assume management of the Security Hub Organization Configuration without import and perform no actions on removal from the Terraform configuration.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as aws from "./.gen/providers/aws";
/*The resources need a construct scope, so they are created inside a stack.
The class name is only an illustration.*/
class SecurityHubOrganizationStack extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    /*Trust Security Hub as a service principal in the organization.*/
    const awsOrganizationsOrganizationExample =
      new aws.organizationsOrganization.OrganizationsOrganization(this, "example", {
        awsServiceAccessPrincipals: ["securityhub.amazonaws.com"],
        featureSet: "ALL",
      });
    /*Designate the Security Hub administrator account once the organization exists.*/
    const awsSecurityhubOrganizationAdminAccountExample =
      new aws.securityhubOrganizationAdminAccount.SecurityhubOrganizationAdminAccount(
        this,
        "example_1",
        {
          adminAccountId: "123456789012",
          dependsOn: [awsOrganizationsOrganizationExample],
        }
      );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    awsSecurityhubOrganizationAdminAccountExample.overrideLogicalId("example");
    /*Automatically enable Security Hub for new accounts in the organization.*/
    const awsSecurityhubOrganizationConfigurationExample =
      new aws.securityhubOrganizationConfiguration.SecurityhubOrganizationConfiguration(
        this,
        "example_2",
        {
          autoEnable: true,
        }
      );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    awsSecurityhubOrganizationConfigurationExample.overrideLogicalId("example");
  }
}

Argument Reference

The following arguments are supported:

  • autoEnable - (Required) Whether to automatically enable Security Hub for new accounts in the organization.
  • autoEnableStandards - (Optional) Whether to automatically enable Security Hub default standards for new member accounts in the organization. By default, this parameter is equal to DEFAULT, and new member accounts are automatically enabled with default Security Hub standards. To opt out of enabling default standards for new member accounts, set this parameter equal to NONE.
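
An added example, not part of the provider documentation: a check over the JSON that cdktf synth writes (cdk.tf.json) which reports when the two arguments above leave new accounts without Security Hub or without default standards. The function name auditSecurityHubOrg and the sample input are constructed for illustration; the keys are the Terraform (snake_case) names of the arguments.

```typescript
// Shape of the "resource" section of synthesized Terraform JSON:
// resource type -> resource name -> attributes.
type TfJson = { resource?: Record<string, Record<string, Record<string, unknown>>> };

const CONFIG_TYPE = "aws_securityhub_organization_configuration";

// Returns one finding per setting that weakens organization-wide coverage.
function auditSecurityHubOrg(tf: TfJson): string[] {
  const findings: string[] = [];
  const configs = (tf.resource || {})[CONFIG_TYPE] || {};
  const names = Object.keys(configs);
  if (names.length === 0) {
    // Terraform performs no action when this resource is removed, so its
    // absence means "not managed here", not "auto-enable is off".
    findings.push(`${CONFIG_TYPE}: not declared, setting is unmanaged by this stack`);
  }
  for (const name of names) {
    const body = configs[name] || {};
    const addr = `${CONFIG_TYPE}.${name}`;
    const autoEnable = body["auto_enable"];
    if (typeof autoEnable === "string" && autoEnable.indexOf("${") !== -1) {
      // An interpolated value is only known at plan time.
      findings.push(`${addr}: auto_enable is ${autoEnable}, cannot be verified statically`);
    } else if (autoEnable !== true) {
      findings.push(`${addr}: auto_enable is not true, new accounts are not enrolled`);
    }
    // An omitted auto_enable_standards behaves as DEFAULT.
    const standards = String(body["auto_enable_standards"] || "DEFAULT").toUpperCase();
    if (standards === "NONE") {
      findings.push(`${addr}: auto_enable_standards is NONE, new members get no default standards`);
    }
  }
  return findings;
}

// Constructed sample in the shape of a synthesized cdk.tf.json.
const sampleSynth: TfJson = {
  resource: {
    aws_securityhub_organization_configuration: {
      example: { auto_enable: true, auto_enable_standards: "NONE" },
      staging: { auto_enable: "${var.enroll_new_accounts}" },
    },
  },
};

for (const finding of auditSecurityHubOrg(sampleSynth)) {
  console.log(finding);
}
```

In a pipeline, load the synthesized file with JSON.parse and fail the job when the returned list is not empty.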

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - AWS Account ID.

Import

An existing Security Hub enabled account can be imported using the AWS account ID, e.g.,

$ terraform import aws_securityhub_organization_configuration.example 123456789012