Resource: awsSecurityhubStandardsControl
Disable/enable Security Hub standards control in the current region.
The awsSecurityhubStandardsControl
behaves differently from normal resources, in that Terraform does not create this resource, but instead "adopts" it into management. When you delete this resource configuration, Terraform "abandons" resource as is and just removes it from the state.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsSecurityhubAccountExample =
new aws.securityhubAccount.SecurityhubAccount(this, "example", {});
const awsSecurityhubStandardsSubscriptionCisAwsFoundationsBenchmark =
new aws.securityhubStandardsSubscription.SecurityhubStandardsSubscription(
this,
"cis_aws_foundations_benchmark",
{
depends_on: [`\${${awsSecurityhubAccountExample.fqn}}`],
standardsArn:
"arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
}
);
new aws.securityhubStandardsControl.SecurityhubStandardsControl(
this,
"ensure_iam_password_policy_prevents_password_reuse",
{
controlStatus: "DISABLED",
depends_on: [
`\${${awsSecurityhubStandardsSubscriptionCisAwsFoundationsBenchmark.fqn}}`,
],
disabledReason: "We handle password policies within Okta",
standardsControlArn:
"arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10",
}
);
Argument Reference
The following arguments are supported:
standardsControlArn
- (Required) The standards control ARN.controlStatus
– (Required) The control status could beenabled
ordisabled
. You have to specifydisabledReason
argument fordisabled
control status.disabledReason
– (Optional) A description of the reason why you are disabling a security standard control. If you specify this attribute,controlStatus
will be set todisabled
automatically.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- The standard control ARN.controlId
– The identifier of the security standard control.controlStatusUpdatedAt
– The date and time that the status of the security standard control was most recently updated.description
– The standard control longer description. Provides information about what the control is checking for.relatedRequirements
– The list of requirements that are related to this control.remediationUrl
– A link to remediation information for the control in the Security Hub user documentation.severityRating
– The severity of findings generated from this security standard control.title
– The standard control title.