Resource: awsSecurityhubOrganizationConfiguration
Manages the Security Hub Organization Configuration.
~> NOTE: This resource requires an awsSecurityhubOrganizationAdminAccount to be configured (not necessarily with Terraform). More information about managing Security Hub in an organization can be found in the Managing administrator and member accounts documentation.
~> NOTE: This is an advanced Terraform resource. Terraform will automatically assume management of the Security Hub Organization Configuration without import and perform no actions on removal from the Terraform configuration.
Example Usage
```typescript
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as aws from "./.gen/providers/aws";

// MyStack is a placeholder name; the resources must be created inside a stack.
class MyStack extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);

    // Enable trusted access for Security Hub in the organization.
    const awsOrganizationsOrganizationExample =
      new aws.organizationsOrganization.OrganizationsOrganization(this, "example", {
        awsServiceAccessPrincipals: ["securityhub.amazonaws.com"],
        featureSet: "ALL",
      });

    // Designate the Security Hub administrator account once the organization exists.
    const awsSecurityhubOrganizationAdminAccountExample =
      new aws.securityhubOrganizationAdminAccount.SecurityhubOrganizationAdminAccount(
        this,
        "example_1",
        {
          adminAccountId: "123456789012",
          dependsOn: [awsOrganizationsOrganizationExample],
        }
      );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    awsSecurityhubOrganizationAdminAccountExample.overrideLogicalId("example");

    // Automatically enable Security Hub for new accounts in the organization.
    const awsSecurityhubOrganizationConfigurationExample =
      new aws.securityhubOrganizationConfiguration.SecurityhubOrganizationConfiguration(
        this,
        "example_2",
        {
          autoEnable: true,
        }
      );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    awsSecurityhubOrganizationConfigurationExample.overrideLogicalId("example");
  }
}
```
Argument Reference
The following arguments are supported:
- autoEnable - (Required) Whether to automatically enable Security Hub for new accounts in the organization.
- autoEnableStandards - (Optional) Whether to automatically enable Security Hub default standards for new member accounts in the organization. By default, this parameter is equal to default, and new member accounts are automatically enabled with default Security Hub standards. To opt out of enabling default standards for new member accounts, set this parameter equal to none.
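The following is an added example, not part of the provider documentation: a pre-deployment check over synthesized Terraform JSON that flags organization configurations which leave new accounts without Security Hub or without default standards. The function name, finding shape and sample inputs are assumptions made for illustration; the snake_case keys are the Terraform attribute names for the arguments above.

```typescript
type Finding = { resource: string; severity: "high" | "medium" | "info"; message: string };
type TfJson = { resource?: Record<string, Record<string, Record<string, unknown>>> };

const ORG_CONFIG = "aws_securityhub_organization_configuration";
const ORG_ADMIN = "aws_securityhub_organization_admin_account";

// Hypothetical helper: audits one synthesized stack (the parsed Terraform JSON).
function auditSecurityHubOrgConfig(tf: TfJson): Finding[] {
  const findings: Finding[] = [];
  const resources = tf.resource || {};
  const configs = resources[ORG_CONFIG] || {};
  const adminCount = Object.keys(resources[ORG_ADMIN] || {}).length;

  for (const name of Object.keys(configs)) {
    const cfg = configs[name];
    const resource = `${ORG_CONFIG}.${name}`;
    // autoEnable is required; anything but a literal true needs a human look.
    if (cfg.auto_enable !== true) {
      findings.push({ resource, severity: "high",
        message: "auto_enable is not literally true: new organization accounts may not get Security Hub" });
    }
    // Compared case-insensitively so either spelling of the opt-out value is caught.
    const standards = String(cfg.auto_enable_standards === undefined ? "default" : cfg.auto_enable_standards);
    if (standards.toLowerCase() === "none") {
      findings.push({ resource, severity: "medium",
        message: "auto_enable_standards opts new member accounts out of the default standards" });
    }
    // The admin account may be configured outside Terraform, so this is informational only.
    if (adminCount === 0) {
      findings.push({ resource, severity: "info",
        message: "no organization admin account resource in this stack: confirm it is configured elsewhere" });
    }
  }
  return findings;
}

// Constructed sample inputs (not real deployments).
const SAMPLE_GOOD: TfJson = { resource: {
  [ORG_ADMIN]: { example: { admin_account_id: "123456789012" } },
  [ORG_CONFIG]: { example: { auto_enable: true } },
} };
const SAMPLE_WEAK: TfJson = { resource: {
  [ORG_CONFIG]: { example: { auto_enable: false, auto_enable_standards: "NONE" } },
} };

console.log(auditSecurityHubOrgConfig(SAMPLE_GOOD).length, auditSecurityHubOrgConfig(SAMPLE_WEAK));
```

Run it against the parsed JSON that `cdktf synth` writes for the stack, and fail the pipeline on any `high` finding.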
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- AWS Account ID.
Import
An existing Security Hub enabled account can be imported using the AWS account ID, e.g.,