Resource: aws_securityhub_standards_subscription

Subscribes to a Security Hub standard.

Example Usage

/* Provider bindings are generated by running cdktf get.
   See https://cdk.tf/provider-generation for more details. */
import * as aws from "./.gen/providers/aws";

// The statements below belong inside a TerraformStack constructor, where `this` is the stack.

// Security Hub must be enabled in the account before any standard can be subscribed to.
const awsSecurityhubAccountExample =
  new aws.securityhubAccount.SecurityhubAccount(this, "example", {});

// CIS v1.2.0 uses a region-less "ruleset" ARN.
new aws.securityhubStandardsSubscription.SecurityhubStandardsSubscription(
  this,
  "cis",
  {
    dependsOn: [awsSecurityhubAccountExample],
    standardsArn:
      "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
  }
);

// The other standards use a regional "standards" ARN, so look up the current region.
const dataAwsRegionCurrent = new aws.dataAwsRegion.DataAwsRegion(
  this,
  "current",
  {}
);
new aws.securityhubStandardsSubscription.SecurityhubStandardsSubscription(
  this,
  "pci_321",
  {
    dependsOn: [awsSecurityhubAccountExample],
    standardsArn: `arn:aws:securityhub:${dataAwsRegionCurrent.name}::standards/pci-dss/v/3.2.1`,
  }
);

Argument Reference

The following arguments are supported:

  • standardsArn - (Required) The ARN of a standard - see below.

Currently available standards (remember to replace ${var.region} as appropriate):

| Name | ARN |
|------|-----|
| AWS Foundational Security Best Practices | arn:aws:securityhub:${var.region}::standards/aws-foundational-security-best-practices/v/1.0.0 |
| CIS AWS Foundations Benchmark v1.2.0 | arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0 |
| CIS AWS Foundations Benchmark v1.4.0 | arn:aws:securityhub:${var.region}::standards/cis-aws-foundations-benchmark/v/1.4.0 |
| PCI DSS | arn:aws:securityhub:${var.region}::standards/pci-dss/v/3.2.1 |

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ARN of a resource that represents your subscription to a supported standard.

Import

Security Hub standards subscriptions can be imported using the standards subscription ARN, e.g.,

$ terraform import aws_securityhub_standards_subscription.cis arn:aws:securityhub:eu-west-1:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0
$ terraform import aws_securityhub_standards_subscription.pci_321 arn:aws:securityhub:eu-west-1:123456789012:subscription/pci-dss/v/3.2.1
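
The standards table and the import IDs above follow two different ARN shapes, and the CIS v1.2.0 entry is the odd one out (no region, `ruleset` instead of `standards`). The helper below is an added example, not part of the provider or its generated bindings: `STANDARDS`, `standardsArn` and `subscriptionArn` are hypothetical names, the short keys are made up for illustration, and only the `aws` partition shown on this page is assumed.

```typescript
// Added example (hypothetical helpers, not provider code).
type StandardKey = "fsbp-1.0.0" | "cis-1.2.0" | "cis-1.4.0" | "pci-dss-3.2.1";

// ARN path and whether the ARN carries a region, per the standards table.
const STANDARDS: Record<StandardKey, { path: string; regional: boolean }> = {
  "fsbp-1.0.0": { path: "standards/aws-foundational-security-best-practices/v/1.0.0", regional: true },
  "cis-1.2.0": { path: "ruleset/cis-aws-foundations-benchmark/v/1.2.0", regional: false },
  "cis-1.4.0": { path: "standards/cis-aws-foundations-benchmark/v/1.4.0", regional: true },
  "pci-dss-3.2.1": { path: "standards/pci-dss/v/3.2.1", regional: true },
};

const REGION_RE = /^[a-z]{2}(-[a-z]+)+-\d$/; // e.g. eu-west-1, us-gov-west-1
const ACCOUNT_RE = /^\d{12}$/;

// Build the value for `standardsArn`. Rejects an unreplaced placeholder such
// as "${var.region}" instead of letting it reach the Security Hub API.
function standardsArn(key: StandardKey, region: string): string {
  const std = STANDARDS[key];
  if (!std) throw new Error(`unknown standard: ${key}`);
  if (!REGION_RE.test(region)) throw new Error(`invalid region: ${region}`);
  return `arn:aws:securityhub:${std.regional ? region : ""}::${std.path}`;
}

// Derive the subscription ARN used as the `terraform import` ID, following
// the pattern of the two import commands on this page.
function subscriptionArn(stdArn: string, region: string, account: string): string {
  const m = /^arn:aws:securityhub:([a-z0-9-]*)::(?:standards|ruleset)\/(.+)$/.exec(stdArn);
  if (!m) throw new Error(`not a Security Hub standards ARN: ${stdArn}`);
  if (!REGION_RE.test(region)) throw new Error(`invalid region: ${region}`);
  if (!ACCOUNT_RE.test(account)) throw new Error("account ID must be 12 digits");
  // A regional standards ARN must match the region being imported into.
  if (m[1] !== "" && m[1] !== region) {
    throw new Error(`standards ARN is for ${m[1]}, not ${region}`);
  }
  return `arn:aws:securityhub:${region}:${account}:subscription/${m[2]}`;
}
```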