aws.securityhub.StandardsControl
Disable/enable Security Hub standards control in the current region.
The aws.securityhub.StandardsControl resource behaves differently from normal resources, in that Pulumi does not create this resource, but instead “adopts” it into management. When you delete this resource configuration, Pulumi “abandons” the resource as is and just removes it from the state, so a control that was disabled stays disabled until its status is changed again.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Security Hub account resource; the standards subscription below is ordered after it.
const example = new aws.securityhub.Account("example", {});

// Subscribe to the CIS AWS Foundations Benchmark v1.2.0 ruleset.
const cisStandardsArn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0";
const cisAwsFoundationsBenchmark = new aws.securityhub.StandardsSubscription(
    "cis_aws_foundations_benchmark",
    { standardsArn: cisStandardsArn },
    { dependsOn: [example] },
);

// Adopt control 1.10 of that standard and set it to DISABLED.
// disabledReason has to accompany a DISABLED status; it is the recorded justification
// for the exception, so it should name the control that covers the gap instead.
// The region and account id inside the ARN are this page's sample values; the
// resource acts on the current region.
const passwordReuseControlArgs: aws.securityhub.StandardsControlArgs = {
    standardsControlArn: "arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10",
    controlStatus: "DISABLED",
    disabledReason: "We handle password policies within Okta",
};
const ensureIamPasswordPolicyPreventsPasswordReuse = new aws.securityhub.StandardsControl(
    "ensure_iam_password_policy_prevents_password_reuse",
    passwordReuseControlArgs,
    // The control can only be adopted once the standard is subscribed.
    { dependsOn: [cisAwsFoundationsBenchmark] },
);
import pulumi
import pulumi_aws as aws
# Security Hub account resource; the standards subscription below is ordered after it.
example = aws.securityhub.Account("example")

# Subscribe to the CIS AWS Foundations Benchmark v1.2.0 ruleset.
cis_subscription_opts = pulumi.ResourceOptions(depends_on=[example])
cis_aws_foundations_benchmark = aws.securityhub.StandardsSubscription(
    "cis_aws_foundations_benchmark",
    standards_arn="arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
    opts=cis_subscription_opts,
)

# Adopt control 1.10 of that standard and set it to DISABLED.
# disabled_reason has to accompany a DISABLED status; it is the recorded
# justification for the exception, so it should name the control that covers
# the gap instead. The region and account id inside the ARN are this page's
# sample values; the resource acts on the current region.
password_reuse_control_opts = pulumi.ResourceOptions(
    # The control can only be adopted once the standard is subscribed.
    depends_on=[cis_aws_foundations_benchmark],
)
ensure_iam_password_policy_prevents_password_reuse = aws.securityhub.StandardsControl(
    "ensure_iam_password_policy_prevents_password_reuse",
    standards_control_arn="arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10",
    control_status="DISABLED",
    disabled_reason="We handle password policies within Okta",
    opts=password_reuse_control_opts,
)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares three Security Hub resources in dependency order: the account
// resource, a subscription to the CIS AWS Foundations Benchmark v1.2.0, and
// control 1.10 of that standard set to DISABLED.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Security Hub account resource; the subscription below is ordered after it.
		hub, err := securityhub.NewAccount(ctx, "example", nil)
		if err != nil {
			return err
		}

		subscriptionArgs := &securityhub.StandardsSubscriptionArgs{
			StandardsArn: pulumi.String("arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"),
		}
		cisBenchmark, err := securityhub.NewStandardsSubscription(
			ctx,
			"cis_aws_foundations_benchmark",
			subscriptionArgs,
			pulumi.DependsOn([]pulumi.Resource{hub}),
		)
		if err != nil {
			return err
		}

		// DisabledReason has to accompany a DISABLED status; it is the recorded
		// justification for the exception, so it should name the control that
		// covers the gap instead. The region and account id inside the ARN are
		// this page's sample values; the resource acts on the current region.
		controlArgs := &securityhub.StandardsControlArgs{
			StandardsControlArn: pulumi.String("arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10"),
			ControlStatus:       pulumi.String("DISABLED"),
			DisabledReason:      pulumi.String("We handle password policies within Okta"),
		}
		// The control can only be adopted once the standard is subscribed.
		_, err = securityhub.NewStandardsControl(
			ctx,
			"ensure_iam_password_policy_prevents_password_reuse",
			controlArgs,
			pulumi.DependsOn([]pulumi.Resource{cisBenchmark}),
		)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Security Hub account resource; the standards subscription below is ordered after it.
    var example = new Aws.SecurityHub.Account("example");

    // Subscribe to the CIS AWS Foundations Benchmark v1.2.0 ruleset.
    var cisSubscriptionArgs = new Aws.SecurityHub.StandardsSubscriptionArgs
    {
        StandardsArn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
    };
    var cisSubscriptionOptions = new CustomResourceOptions
    {
        DependsOn = { example },
    };
    var cisAwsFoundationsBenchmark = new Aws.SecurityHub.StandardsSubscription(
        "cis_aws_foundations_benchmark",
        cisSubscriptionArgs,
        cisSubscriptionOptions);

    // Adopt control 1.10 of that standard and set it to DISABLED.
    // DisabledReason has to accompany a DISABLED status; it is the recorded
    // justification for the exception, so it should name the control that covers
    // the gap instead. The region and account id inside the ARN are this page's
    // sample values; the resource acts on the current region.
    var passwordReuseControlArgs = new Aws.SecurityHub.StandardsControlArgs
    {
        StandardsControlArn = "arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10",
        ControlStatus = "DISABLED",
        DisabledReason = "We handle password policies within Okta",
    };
    var passwordReuseControlOptions = new CustomResourceOptions
    {
        // The control can only be adopted once the standard is subscribed.
        DependsOn = { cisAwsFoundationsBenchmark },
    };
    var ensureIamPasswordPolicyPreventsPasswordReuse = new Aws.SecurityHub.StandardsControl(
        "ensure_iam_password_policy_prevents_password_reuse",
        passwordReuseControlArgs,
        passwordReuseControlOptions);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.securityhub.Account;
import com.pulumi.aws.securityhub.StandardsSubscription;
import com.pulumi.aws.securityhub.StandardsSubscriptionArgs;
import com.pulumi.aws.securityhub.StandardsControl;
import com.pulumi.aws.securityhub.StandardsControlArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares three Security Hub resources in dependency order:
 * the account resource, a subscription to the CIS AWS Foundations Benchmark v1.2.0,
 * and control 1.10 of that standard set to DISABLED.
 */
public class App {
    /** Ruleset ARN of the CIS AWS Foundations Benchmark v1.2.0. */
    private static final String CIS_STANDARDS_ARN =
        "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0";

    /**
     * ARN of control 1.10 of that standard. The region and account id are this
     * page's sample values; the resource acts on the current region.
     */
    private static final String PASSWORD_REUSE_CONTROL_ARN =
        "arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10";

    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(ctx -> App.stack(ctx));
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the Pulumi context for the current deployment
     */
    public static void stack(Context ctx) {
        // Security Hub account resource; the subscription below is ordered after it.
        Account securityHub = new Account("example");

        StandardsSubscriptionArgs subscriptionArgs = StandardsSubscriptionArgs.builder()
            .standardsArn(CIS_STANDARDS_ARN)
            .build();
        CustomResourceOptions afterSecurityHub = CustomResourceOptions.builder()
            .dependsOn(securityHub)
            .build();
        StandardsSubscription cisBenchmark =
            new StandardsSubscription("cisAwsFoundationsBenchmark", subscriptionArgs, afterSecurityHub);

        // disabledReason has to accompany a DISABLED status; it is the recorded
        // justification for the exception, so it should name the control that
        // covers the gap instead.
        StandardsControlArgs controlArgs = StandardsControlArgs.builder()
            .standardsControlArn(PASSWORD_REUSE_CONTROL_ARN)
            .controlStatus("DISABLED")
            .disabledReason("We handle password policies within Okta")
            .build();
        // The control can only be adopted once the standard is subscribed.
        CustomResourceOptions afterSubscription = CustomResourceOptions.builder()
            .dependsOn(cisBenchmark)
            .build();
        StandardsControl passwordReuseControl =
            new StandardsControl("ensureIamPasswordPolicyPreventsPasswordReuse", controlArgs, afterSubscription);
    }
}
# Pulumi YAML program: Security Hub account, a CIS AWS Foundations Benchmark
# v1.2.0 subscription, and control 1.10 of that standard set to DISABLED.
resources:
  # Security Hub account resource; the subscription below is ordered after it.
  example:
    type: aws:securityhub:Account
  cisAwsFoundationsBenchmark:
    type: aws:securityhub:StandardsSubscription
    name: cis_aws_foundations_benchmark
    properties:
      standardsArn: arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0
    options:
      # NOTE(review): the other language tabs spell this option dependsOn;
      # confirm the all-lowercase key is accepted, otherwise the ordering is lost.
      dependson:
        - ${example}
  ensureIamPasswordPolicyPreventsPasswordReuse:
    type: aws:securityhub:StandardsControl
    name: ensure_iam_password_policy_prevents_password_reuse
    properties:
      # The region and account id in this ARN are the page's sample values;
      # the resource acts on the current region.
      standardsControlArn: arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10
      controlStatus: DISABLED
      # Has to accompany a DISABLED status; it is the recorded justification
      # for the exception, so it should name the control that covers the gap.
      disabledReason: We handle password policies within Okta
    options:
      # NOTE(review): same spelling question as above (dependsOn elsewhere).
      dependson:
        - ${cisAwsFoundationsBenchmark}
Create StandardsControl Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new StandardsControl(name: string, args: StandardsControlArgs, opts?: CustomResourceOptions);
@overload
def StandardsControl(resource_name: str,
args: StandardsControlArgs,
opts: Optional[ResourceOptions] = None)
@overload
def StandardsControl(resource_name: str,
opts: Optional[ResourceOptions] = None,
control_status: Optional[str] = None,
standards_control_arn: Optional[str] = None,
disabled_reason: Optional[str] = None)
func NewStandardsControl(ctx *Context, name string, args StandardsControlArgs, opts ...ResourceOption) (*StandardsControl, error)
public StandardsControl(string name, StandardsControlArgs args, CustomResourceOptions? opts = null)
public StandardsControl(String name, StandardsControlArgs args)
public StandardsControl(String name, StandardsControlArgs args, CustomResourceOptions options)
type: aws:securityhub:StandardsControl
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args StandardsControlArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args StandardsControlArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args StandardsControlArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args StandardsControlArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args StandardsControlArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference example: every value is the placeholder "string".
// ControlStatus takes ENABLED or DISABLED; DisabledReason has to be given
// when the status is DISABLED.
var standardsControlResource = new Aws.SecurityHub.StandardsControl("standardsControlResource", new()
{
    ControlStatus = "string",
    StandardsControlArn = "string",
    DisabledReason = "string",
});
// Reference example: every value is the placeholder "string".
// ControlStatus takes ENABLED or DISABLED; DisabledReason has to be given
// when the status is DISABLED.
example, err := securityhub.NewStandardsControl(ctx, "standardsControlResource", &securityhub.StandardsControlArgs{
	ControlStatus: pulumi.String("string"),
	StandardsControlArn: pulumi.String("string"),
	DisabledReason: pulumi.String("string"),
})
// Reference example: every value is the placeholder "string".
// controlStatus takes ENABLED or DISABLED; disabledReason has to be given
// when the status is DISABLED.
var standardsControlResource = new StandardsControl("standardsControlResource", StandardsControlArgs.builder()
    .controlStatus("string")
    .standardsControlArn("string")
    .disabledReason("string")
    .build());
# Reference example: every value is the placeholder "string".
# control_status takes ENABLED or DISABLED; disabled_reason has to be given
# when the status is DISABLED.
standards_control_resource = aws.securityhub.StandardsControl("standardsControlResource",
    control_status="string",
    standards_control_arn="string",
    disabled_reason="string")
// Reference example: every value is the placeholder "string".
// controlStatus takes ENABLED or DISABLED; disabledReason has to be given
// when the status is DISABLED.
const standardsControlResource = new aws.securityhub.StandardsControl("standardsControlResource", {
    controlStatus: "string",
    standardsControlArn: "string",
    disabledReason: "string",
});
# Reference example: every value is the placeholder "string".
# controlStatus takes ENABLED or DISABLED; disabledReason has to be given
# when the status is DISABLED.
type: aws:securityhub:StandardsControl
properties:
  controlStatus: string
  disabledReason: string
  standardsControlArn: string
StandardsControl Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The StandardsControl resource accepts the following input properties:
- ControlStatus string
- The control status could be `ENABLED` or `DISABLED`. You have to specify the `disabled_reason` argument for the `DISABLED` control status.
- StandardsControlArn string
- The standards control ARN. See the AWS documentation for how to list existing controls using `get-enabled-standards` and `describe-standards-controls`.
- DisabledReason string
- A description of the reason why you are disabling a security standard control. If you specify this attribute, `control_status` will be set to `DISABLED` automatically.
- ControlStatus string
- The control status could be `ENABLED` or `DISABLED`. You have to specify the `disabled_reason` argument for the `DISABLED` control status.
- StandardsControlArn string
- The standards control ARN. See the AWS documentation for how to list existing controls using `get-enabled-standards` and `describe-standards-controls`.
- DisabledReason string
- A description of the reason why you are disabling a security standard control. If you specify this attribute, `control_status` will be set to `DISABLED` automatically.
- controlStatus String
- The control status could be `ENABLED` or `DISABLED`. You have to specify the `disabled_reason` argument for the `DISABLED` control status.
- standardsControlArn String
- The standards control ARN. See the AWS documentation for how to list existing controls using `get-enabled-standards` and `describe-standards-controls`.
- disabledReason String
- A description of the reason why you are disabling a security standard control. If you specify this attribute, `control_status` will be set to `DISABLED` automatically.
- controlStatus string
- The control status could be `ENABLED` or `DISABLED`. You have to specify the `disabled_reason` argument for the `DISABLED` control status.
- standardsControlArn string
- The standards control ARN. See the AWS documentation for how to list existing controls using `get-enabled-standards` and `describe-standards-controls`.
- disabledReason string
- A description of the reason why you are disabling a security standard control. If you specify this attribute, `control_status` will be set to `DISABLED` automatically.
- control_status str
- The control status could be `ENABLED` or `DISABLED`. You have to specify the `disabled_reason` argument for the `DISABLED` control status.
- standards_control_arn str
- The standards control ARN. See the AWS documentation for how to list existing controls using `get-enabled-standards` and `describe-standards-controls`.
- disabled_reason str
- A description of the reason why you are disabling a security standard control. If you specify this attribute, `control_status` will be set to `DISABLED` automatically.
- controlStatus String
- The control status could be `ENABLED` or `DISABLED`. You have to specify the `disabled_reason` argument for the `DISABLED` control status.
- standardsControlArn String
- The standards control ARN. See the AWS documentation for how to list existing controls using `get-enabled-standards` and `describe-standards-controls`.
- disabledReason String
- A description of the reason why you are disabling a security standard control. If you specify this attribute, `control_status` will be set to `DISABLED` automatically.
Outputs
All input properties are implicitly available as output properties. Additionally, the StandardsControl resource produces the following output properties:
- Control
Id string - The identifier of the security standard control.
- Control
Status stringUpdated At - The date and time that the status of the security standard control was most recently updated.
- Description string
- The standard control longer description. Provides information about what the control is checking for.
- Id string
- The provider-assigned unique ID for this managed resource.
- List<string>
- The list of requirements that are related to this control.
- Remediation
Url string - A link to remediation information for the control in the Security Hub user documentation.
- Severity
Rating string - The severity of findings generated from this security standard control.
- Title string
- The standard control title.
- Control
Id string - The identifier of the security standard control.
- Control
Status stringUpdated At - The date and time that the status of the security standard control was most recently updated.
- Description string
- The standard control longer description. Provides information about what the control is checking for.
- Id string
- The provider-assigned unique ID for this managed resource.
- []string
- The list of requirements that are related to this control.
- Remediation
Url string - A link to remediation information for the control in the Security Hub user documentation.
- Severity
Rating string - The severity of findings generated from this security standard control.
- Title string
- The standard control title.
- control
Id String - The identifier of the security standard control.
- control
Status StringUpdated At - The date and time that the status of the security standard control was most recently updated.
- description String
- The standard control longer description. Provides information about what the control is checking for.
- id String
- The provider-assigned unique ID for this managed resource.
- List<String>
- The list of requirements that are related to this control.
- remediation
Url String - A link to remediation information for the control in the Security Hub user documentation.
- severity
Rating String - The severity of findings generated from this security standard control.
- title String
- The standard control title.
- control
Id string - The identifier of the security standard control.
- control
Status stringUpdated At - The date and time that the status of the security standard control was most recently updated.
- description string
- The standard control longer description. Provides information about what the control is checking for.
- id string
- The provider-assigned unique ID for this managed resource.
- string[]
- The list of requirements that are related to this control.
- remediation
Url string - A link to remediation information for the control in the Security Hub user documentation.
- severity
Rating string - The severity of findings generated from this security standard control.
- title string
- The standard control title.
- control_
id str - The identifier of the security standard control.
- control_
status_ strupdated_ at - The date and time that the status of the security standard control was most recently updated.
- description str
- The standard control longer description. Provides information about what the control is checking for.
- id str
- The provider-assigned unique ID for this managed resource.
- Sequence[str]
- The list of requirements that are related to this control.
- remediation_
url str - A link to remediation information for the control in the Security Hub user documentation.
- severity_
rating str - The severity of findings generated from this security standard control.
- title str
- The standard control title.
- control
Id String - The identifier of the security standard control.
- control
Status StringUpdated At - The date and time that the status of the security standard control was most recently updated.
- description String
- The standard control longer description. Provides information about what the control is checking for.
- id String
- The provider-assigned unique ID for this managed resource.
- List<String>
- The list of requirements that are related to this control.
- remediation
Url String - A link to remediation information for the control in the Security Hub user documentation.
- severity
Rating String - The severity of findings generated from this security standard control.
- title String
- The standard control title.
Look up Existing StandardsControl Resource
Get an existing StandardsControl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: StandardsControlState, opts?: CustomResourceOptions): StandardsControl
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
control_id: Optional[str] = None,
control_status: Optional[str] = None,
control_status_updated_at: Optional[str] = None,
description: Optional[str] = None,
disabled_reason: Optional[str] = None,
related_requirements: Optional[Sequence[str]] = None,
remediation_url: Optional[str] = None,
severity_rating: Optional[str] = None,
standards_control_arn: Optional[str] = None,
title: Optional[str] = None) -> StandardsControl
func GetStandardsControl(ctx *Context, name string, id IDInput, state *StandardsControlState, opts ...ResourceOption) (*StandardsControl, error)
public static StandardsControl Get(string name, Input<string> id, StandardsControlState? state, CustomResourceOptions? opts = null)
public static StandardsControl get(String name, Output<String> id, StandardsControlState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Control
Id string - The identifier of the security standard control.
- Control
Status string - The control status could be
ENABLED
orDISABLED
. You have to specifydisabled_reason
argument forDISABLED
control status. - Control
Status stringUpdated At - The date and time that the status of the security standard control was most recently updated.
- Description string
- The standard control longer description. Provides information about what the control is checking for.
- Disabled
Reason string - A description of the reason why you are disabling a security standard control. If you specify this attribute,
control_status
will be set toDISABLED
automatically. - List<string>
- The list of requirements that are related to this control.
- Remediation
Url string - A link to remediation information for the control in the Security Hub user documentation.
- Severity
Rating string - The severity of findings generated from this security standard control.
- Standards
Control stringArn - The standards control ARN. See the AWS documentation for how to list existing controls using
get-enabled-standards
anddescribe-standards-controls
. - Title string
- The standard control title.
- Control
Id string - The identifier of the security standard control.
- Control
Status string - The control status could be
ENABLED
orDISABLED
. You have to specifydisabled_reason
argument forDISABLED
control status. - Control
Status stringUpdated At - The date and time that the status of the security standard control was most recently updated.
- Description string
- The standard control longer description. Provides information about what the control is checking for.
- Disabled
Reason string - A description of the reason why you are disabling a security standard control. If you specify this attribute,
control_status
will be set toDISABLED
automatically. - []string
- The list of requirements that are related to this control.
- Remediation
Url string - A link to remediation information for the control in the Security Hub user documentation.
- Severity
Rating string - The severity of findings generated from this security standard control.
- Standards
Control stringArn - The standards control ARN. See the AWS documentation for how to list existing controls using
get-enabled-standards
anddescribe-standards-controls
. - Title string
- The standard control title.
- control
Id String - The identifier of the security standard control.
- control
Status String - The control status could be
ENABLED
orDISABLED
. You have to specifydisabled_reason
argument forDISABLED
control status. - control
Status StringUpdated At - The date and time that the status of the security standard control was most recently updated.
- description String
- The standard control longer description. Provides information about what the control is checking for.
- disabled
Reason String - A description of the reason why you are disabling a security standard control. If you specify this attribute,
control_status
will be set toDISABLED
automatically. - List<String>
- The list of requirements that are related to this control.
- remediation
Url String - A link to remediation information for the control in the Security Hub user documentation.
- severity
Rating String - The severity of findings generated from this security standard control.
- standards
Control StringArn - The standards control ARN. See the AWS documentation for how to list existing controls using
get-enabled-standards
anddescribe-standards-controls
. - title String
- The standard control title.
- control
Id string - The identifier of the security standard control.
- control
Status string - The control status could be
ENABLED
orDISABLED
. You have to specifydisabled_reason
argument forDISABLED
control status. - control
Status stringUpdated At - The date and time that the status of the security standard control was most recently updated.
- description string
- The standard control longer description. Provides information about what the control is checking for.
- disabled
Reason string - A description of the reason why you are disabling a security standard control. If you specify this attribute,
control_status
will be set toDISABLED
automatically. - string[]
- The list of requirements that are related to this control.
- remediation
Url string - A link to remediation information for the control in the Security Hub user documentation.
- severity
Rating string - The severity of findings generated from this security standard control.
- standards
Control stringArn - The standards control ARN. See the AWS documentation for how to list existing controls using
get-enabled-standards
anddescribe-standards-controls
. - title string
- The standard control title.
- control_
id str - The identifier of the security standard control.
- control_
status str - The control status could be
ENABLED
orDISABLED
. You have to specifydisabled_reason
argument forDISABLED
control status. - control_
status_ strupdated_ at - The date and time that the status of the security standard control was most recently updated.
- description str
- The standard control longer description. Provides information about what the control is checking for.
- disabled_
reason str - A description of the reason why you are disabling a security standard control. If you specify this attribute,
control_status
will be set toDISABLED
automatically. - Sequence[str]
- The list of requirements that are related to this control.
- remediation_
url str - A link to remediation information for the control in the Security Hub user documentation.
- severity_
rating str - The severity of findings generated from this security standard control.
- standards_
control_ strarn - The standards control ARN. See the AWS documentation for how to list existing controls using
get-enabled-standards
anddescribe-standards-controls
. - title str
- The standard control title.
- control
Id String - The identifier of the security standard control.
- control
Status String - The control status could be
ENABLED
orDISABLED
. You have to specifydisabled_reason
argument forDISABLED
control status. - control
Status StringUpdated At - The date and time that the status of the security standard control was most recently updated.
- description String
- The standard control longer description. Provides information about what the control is checking for.
- disabled
Reason String - A description of the reason why you are disabling a security standard control. If you specify this attribute,
control_status
will be set toDISABLED
automatically. - List<String>
- The list of requirements that are related to this control.
- remediation
Url String - A link to remediation information for the control in the Security Hub user documentation.
- severity
Rating String - The severity of findings generated from this security standard control.
- standards
Control StringArn - The standards control ARN. See the AWS documentation for how to list existing controls using
get-enabled-standards
anddescribe-standards-controls
. - title String
- The standard control title.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.