Docs Home
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
aws-native.securityhub.ConfigurationPolicy
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
The AWS::SecurityHub::ConfigurationPolicy resource represents the Central Configuration Policy in your account.
Create ConfigurationPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ConfigurationPolicy(name: string, args: ConfigurationPolicyArgs, opts?: CustomResourceOptions);@overload
def ConfigurationPolicy(resource_name: str,
args: ConfigurationPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ConfigurationPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
configuration_policy: Optional[ConfigurationPolicyPolicyArgs] = None,
description: Optional[str] = None,
name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)func NewConfigurationPolicy(ctx *Context, name string, args ConfigurationPolicyArgs, opts ...ResourceOption) (*ConfigurationPolicy, error)public ConfigurationPolicy(string name, ConfigurationPolicyArgs args, CustomResourceOptions? opts = null)public ConfigurationPolicy(String name, ConfigurationPolicyArgs args)
public ConfigurationPolicy(String name, ConfigurationPolicyArgs args, CustomResourceOptions options)
type: aws-native:securityhub:ConfigurationPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ConfigurationPolicyArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. ConfigurationPolicyArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ConfigurationPolicyArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ConfigurationPolicyArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. ConfigurationPolicyArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
ConfigurationPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ConfigurationPolicy resource accepts the following input properties:
- Configuration
Policy Value This property is required. Pulumi.Aws Native. Security Hub. Inputs. Configuration Policy Policy - An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
- Description string
- The description of the configuration policy.
- Name string
- The name of the configuration policy.
- Dictionary<string, string>
- User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
- Configuration
Policy This property is required. ConfigurationPolicy Policy Args - An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
- Description string
- The description of the configuration policy.
- Name string
- The name of the configuration policy.
- map[string]string
- User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
- configuration
Policy This property is required. ConfigurationPolicy Policy - An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
- description String
- The description of the configuration policy.
- name String
- The name of the configuration policy.
- Map<String,String>
- User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
- configuration
Policy This property is required. ConfigurationPolicy Policy - An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
- description string
- The description of the configuration policy.
- name string
- The name of the configuration policy.
- {[key: string]: string}
- User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
- configuration_
policy This property is required. ConfigurationPolicy Policy Args - An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
- description str
- The description of the configuration policy.
- name str
- The name of the configuration policy.
- Mapping[str, str]
- User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
- configuration
Policy This property is required. Property Map - An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
- description String
- The description of the configuration policy.
- name String
- The name of the configuration policy.
- Map<String>
- User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
Outputs
All input properties are implicitly available as output properties. Additionally, the ConfigurationPolicy resource produces the following output properties:
- Arn string
- The Amazon Resource Name (ARN) of the configuration policy.
- Aws
Id string - The universally unique identifier (UUID) of the configuration policy.
- Created
At string - The date and time, in UTC and ISO 8601 format.
- Id string
- The provider-assigned unique ID for this managed resource.
- Service
Enabled bool - Indicates whether the service that the configuration policy applies to is enabled in the policy.
- Updated
At string - The date and time, in UTC and ISO 8601 format.
- Arn string
- The Amazon Resource Name (ARN) of the configuration policy.
- Aws
Id string - The universally unique identifier (UUID) of the configuration policy.
- Created
At string - The date and time, in UTC and ISO 8601 format.
- Id string
- The provider-assigned unique ID for this managed resource.
- Service
Enabled bool - Indicates whether the service that the configuration policy applies to is enabled in the policy.
- Updated
At string - The date and time, in UTC and ISO 8601 format.
- arn String
- The Amazon Resource Name (ARN) of the configuration policy.
- aws
Id String - The universally unique identifier (UUID) of the configuration policy.
- created
At String - The date and time, in UTC and ISO 8601 format.
- id String
- The provider-assigned unique ID for this managed resource.
- service
Enabled Boolean - Indicates whether the service that the configuration policy applies to is enabled in the policy.
- updated
At String - The date and time, in UTC and ISO 8601 format.
- arn string
- The Amazon Resource Name (ARN) of the configuration policy.
- aws
Id string - The universally unique identifier (UUID) of the configuration policy.
- created
At string - The date and time, in UTC and ISO 8601 format.
- id string
- The provider-assigned unique ID for this managed resource.
- service
Enabled boolean - Indicates whether the service that the configuration policy applies to is enabled in the policy.
- updated
At string - The date and time, in UTC and ISO 8601 format.
- arn str
- The Amazon Resource Name (ARN) of the configuration policy.
- aws_
id str - The universally unique identifier (UUID) of the configuration policy.
- created_
at str - The date and time, in UTC and ISO 8601 format.
- id str
- The provider-assigned unique ID for this managed resource.
- service_
enabled bool - Indicates whether the service that the configuration policy applies to is enabled in the policy.
- updated_
at str - The date and time, in UTC and ISO 8601 format.
- arn String
- The Amazon Resource Name (ARN) of the configuration policy.
- aws
Id String - The universally unique identifier (UUID) of the configuration policy.
- created
At String - The date and time, in UTC and ISO 8601 format.
- id String
- The provider-assigned unique ID for this managed resource.
- service
Enabled Boolean - Indicates whether the service that the configuration policy applies to is enabled in the policy.
- updated
At String - The date and time, in UTC and ISO 8601 format.
Supporting Types
ConfigurationPolicyParameterConfiguration, ConfigurationPolicyParameterConfigurationArgs
, ConfigurationPolicyParameterConfigurationArgs
- Value
Type This property is required. Pulumi.Aws Native. Security Hub. Configuration Policy Parameter Configuration Value Type - Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
- Value
Pulumi.
Aws Native. Security Hub. Inputs. Configuration Policy Parameter Value
- Value
Type This property is required. ConfigurationPolicy Parameter Configuration Value Type - Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
- Value
Configuration
Policy Parameter Value
- value
Type This property is required. ConfigurationPolicy Parameter Configuration Value Type - Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
- value
Configuration
Policy Parameter Value
- value
Type This property is required. ConfigurationPolicy Parameter Configuration Value Type - Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
- value
Configuration
Policy Parameter Value
- value_
type This property is required. ConfigurationPolicy Parameter Configuration Value Type - Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
- value
Configuration
Policy Parameter Value
- value
Type This property is required. "DEFAULT" | "CUSTOM" - Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
- value Property Map
ConfigurationPolicyParameterConfigurationValueType, ConfigurationPolicyParameterConfigurationValueTypeArgs
, ConfigurationPolicyParameterConfigurationValueTypeArgs
- Default
- DEFAULT
- Custom
- CUSTOM
- Configuration
Policy Parameter Configuration Value Type Default - DEFAULT
- Configuration
Policy Parameter Configuration Value Type Custom - CUSTOM
- Default
- DEFAULT
- Custom
- CUSTOM
- Default
- DEFAULT
- Custom
- CUSTOM
- DEFAULT
- DEFAULT
- CUSTOM
- CUSTOM
- "DEFAULT"
- DEFAULT
- "CUSTOM"
- CUSTOM
ConfigurationPolicyParameterValue, ConfigurationPolicyParameterValueArgs
, ConfigurationPolicyParameterValueArgs
- Boolean bool
- A control parameter that is a boolean.
- Double double
- A control parameter that is a double.
- Enum string
- A control parameter that is an enum.
- Enum
List List<string> - A control parameter that is a list of enums.
- Integer int
- A control parameter that is an integer.
- Integer
List List<int> - A control parameter that is a list of integers.
- String string
- A control parameter that is a string.
- String
List List<string> - A control parameter that is a list of strings.
- Boolean bool
- A control parameter that is a boolean.
- Double float64
- A control parameter that is a double.
- Enum string
- A control parameter that is an enum.
- Enum
List []string - A control parameter that is a list of enums.
- Integer int
- A control parameter that is an integer.
- Integer
List []int - A control parameter that is a list of integers.
- String string
- A control parameter that is a string.
- String
List []string - A control parameter that is a list of strings.
- boolean_ Boolean
- A control parameter that is a boolean.
- double_ Double
- A control parameter that is a double.
- enum
List List<String> - A control parameter that is a list of enums.
- enum_ String
- A control parameter that is an enum.
- integer Integer
- A control parameter that is an integer.
- integer
List List<Integer> - A control parameter that is a list of integers.
- string String
- A control parameter that is a string.
- string
List List<String> - A control parameter that is a list of strings.
- boolean boolean
- A control parameter that is a boolean.
- double number
- A control parameter that is a double.
- enum string
- A control parameter that is an enum.
- enum
List string[] - A control parameter that is a list of enums.
- integer number
- A control parameter that is an integer.
- integer
List number[] - A control parameter that is a list of integers.
- string string
- A control parameter that is a string.
- string
List string[] - A control parameter that is a list of strings.
- boolean bool
- A control parameter that is a boolean.
- double float
- A control parameter that is a double.
- enum str
- A control parameter that is an enum.
- enum_
list Sequence[str] - A control parameter that is a list of enums.
- integer int
- A control parameter that is an integer.
- integer_
list Sequence[int] - A control parameter that is a list of integers.
- string str
- A control parameter that is a string.
- string_
list Sequence[str] - A control parameter that is a list of strings.
- boolean Boolean
- A control parameter that is a boolean.
- double Number
- A control parameter that is a double.
- enum String
- A control parameter that is an enum.
- enum
List List<String> - A control parameter that is a list of enums.
- integer Number
- A control parameter that is an integer.
- integer
List List<Number> - A control parameter that is a list of integers.
- string String
- A control parameter that is a string.
- string
List List<String> - A control parameter that is a list of strings.
ConfigurationPolicyPolicy, ConfigurationPolicyPolicyArgs
, ConfigurationPolicyPolicyArgs
- Security
Hub Pulumi.Aws Native. Security Hub. Inputs. Configuration Policy Security Hub Policy - The AWS service that the configuration policy applies to.
- Security
Hub ConfigurationPolicy Security Hub Policy - The AWS service that the configuration policy applies to.
- security
Hub ConfigurationPolicy Security Hub Policy - The AWS service that the configuration policy applies to.
- security
Hub ConfigurationPolicy Security Hub Policy - The AWS service that the configuration policy applies to.
- security_
hub ConfigurationPolicy Security Hub Policy - The AWS service that the configuration policy applies to.
- security
Hub Property Map - The AWS service that the configuration policy applies to.
ConfigurationPolicySecurityControlCustomParameter, ConfigurationPolicySecurityControlCustomParameterArgs
, ConfigurationPolicySecurityControlCustomParameterArgs
- Parameters
Dictionary<string, Pulumi.
Aws Native. Security Hub. Inputs. Configuration Policy Parameter Configuration> - An object that specifies parameter values for a control in a configuration policy.
- Security
Control stringId - The ID of the security control.
- Parameters
map[string]Configuration
Policy Parameter Configuration - An object that specifies parameter values for a control in a configuration policy.
- Security
Control stringId - The ID of the security control.
- parameters
Map<String,Configuration
Policy Parameter Configuration> - An object that specifies parameter values for a control in a configuration policy.
- security
Control StringId - The ID of the security control.
- parameters
{[key: string]: Configuration
Policy Parameter Configuration} - An object that specifies parameter values for a control in a configuration policy.
- security
Control stringId - The ID of the security control.
- parameters
Mapping[str, Configuration
Policy Parameter Configuration] - An object that specifies parameter values for a control in a configuration policy.
- security_
control_ strid - The ID of the security control.
- parameters Map<Property Map>
- An object that specifies parameter values for a control in a configuration policy.
- security
Control StringId - The ID of the security control.
ConfigurationPolicySecurityControlsConfiguration, ConfigurationPolicySecurityControlsConfigurationArgs
, ConfigurationPolicySecurityControlsConfigurationArgs
- Disabled
Security List<string>Control Identifiers - A list of security controls that are disabled in the configuration policy
- Enabled
Security List<string>Control Identifiers - A list of security controls that are enabled in the configuration policy.
- Security
Control List<Pulumi.Custom Parameters Aws Native. Security Hub. Inputs. Configuration Policy Security Control Custom Parameter> - A list of security controls and control parameter values that are included in a configuration policy.
- Disabled
Security []stringControl Identifiers - A list of security controls that are disabled in the configuration policy
- Enabled
Security []stringControl Identifiers - A list of security controls that are enabled in the configuration policy.
- Security
Control []ConfigurationCustom Parameters Policy Security Control Custom Parameter - A list of security controls and control parameter values that are included in a configuration policy.
- disabled
Security List<String>Control Identifiers - A list of security controls that are disabled in the configuration policy
- enabled
Security List<String>Control Identifiers - A list of security controls that are enabled in the configuration policy.
- security
Control List<ConfigurationCustom Parameters Policy Security Control Custom Parameter> - A list of security controls and control parameter values that are included in a configuration policy.
- disabled
Security string[]Control Identifiers - A list of security controls that are disabled in the configuration policy
- enabled
Security string[]Control Identifiers - A list of security controls that are enabled in the configuration policy.
- security
Control ConfigurationCustom Parameters Policy Security Control Custom Parameter[] - A list of security controls and control parameter values that are included in a configuration policy.
- disabled_
security_ Sequence[str]control_ identifiers - A list of security controls that are disabled in the configuration policy
- enabled_
security_ Sequence[str]control_ identifiers - A list of security controls that are enabled in the configuration policy.
- security_
control_ Sequence[Configurationcustom_ parameters Policy Security Control Custom Parameter] - A list of security controls and control parameter values that are included in a configuration policy.
- disabled
Security List<String>Control Identifiers - A list of security controls that are disabled in the configuration policy
- enabled
Security List<String>Control Identifiers - A list of security controls that are enabled in the configuration policy.
- security
Control List<Property Map>Custom Parameters - A list of security controls and control parameter values that are included in a configuration policy.
ConfigurationPolicySecurityHubPolicy, ConfigurationPolicySecurityHubPolicyArgs
, ConfigurationPolicySecurityHubPolicyArgs
- Enabled
Standard List<string>Identifiers - A list that defines which security standards are enabled in the configuration policy.
- Security
Controls Pulumi.Configuration Aws Native. Security Hub. Inputs. Configuration Policy Security Controls Configuration An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.
This property is required only if
ServiceEnabledis set to true in your configuration policy.- Service
Enabled bool - Indicates whether Security Hub is enabled in the policy.
- Enabled
Standard []stringIdentifiers - A list that defines which security standards are enabled in the configuration policy.
- Security
Controls ConfigurationConfiguration Policy Security Controls Configuration An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.
This property is required only if
ServiceEnabledis set to true in your configuration policy.- Service
Enabled bool - Indicates whether Security Hub is enabled in the policy.
- enabled
Standard List<String>Identifiers - A list that defines which security standards are enabled in the configuration policy.
- security
Controls ConfigurationConfiguration Policy Security Controls Configuration An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.
This property is required only if
ServiceEnabledis set to true in your configuration policy.- service
Enabled Boolean - Indicates whether Security Hub is enabled in the policy.
- enabled
Standard string[]Identifiers - A list that defines which security standards are enabled in the configuration policy.
- security
Controls ConfigurationConfiguration Policy Security Controls Configuration An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.
This property is required only if
ServiceEnabledis set to true in your configuration policy.- service
Enabled boolean - Indicates whether Security Hub is enabled in the policy.
- enabled_
standard_ Sequence[str]identifiers - A list that defines which security standards are enabled in the configuration policy.
- security_
controls_ Configurationconfiguration Policy Security Controls Configuration An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.
This property is required only if
ServiceEnabledis set to true in your configuration policy.- service_
enabled bool - Indicates whether Security Hub is enabled in the policy.
- enabled
Standard List<String>Identifiers - A list that defines which security standards are enabled in the configuration policy.
- security
Controls Property MapConfiguration An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.
This property is required only if
ServiceEnabledis set to true in your configuration policy.- service
Enabled Boolean - Indicates whether Security Hub is enabled in the policy.
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi