1. Packages
  2. AWS Classic
  3. API Docs
  4. securityhub
  5. StandardsControl

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.42.0 published on Wednesday, Jun 26, 2024 by Pulumi

aws.securityhub.StandardsControl

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.42.0 published on Wednesday, Jun 26, 2024 by Pulumi

    Disable/enable Security Hub standards control in the current region.

    The aws.securityhub.StandardsControl behaves differently from normal resources, in that Pulumi does not create this resource, but instead “adopts” it into management. When you delete this resource configuration, Pulumi “abandons” resource as is and just removes it from the state.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.securityhub.Account("example", {});
    const cisAwsFoundationsBenchmark = new aws.securityhub.StandardsSubscription("cis_aws_foundations_benchmark", {standardsArn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"}, {
        dependsOn: [example],
    });
    const ensureIamPasswordPolicyPreventsPasswordReuse = new aws.securityhub.StandardsControl("ensure_iam_password_policy_prevents_password_reuse", {
        standardsControlArn: "arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10",
        controlStatus: "DISABLED",
        disabledReason: "We handle password policies within Okta",
    }, {
        dependsOn: [cisAwsFoundationsBenchmark],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.securityhub.Account("example")
    cis_aws_foundations_benchmark = aws.securityhub.StandardsSubscription("cis_aws_foundations_benchmark", standards_arn="arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
    opts = pulumi.ResourceOptions(depends_on=[example]))
    ensure_iam_password_policy_prevents_password_reuse = aws.securityhub.StandardsControl("ensure_iam_password_policy_prevents_password_reuse",
        standards_control_arn="arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10",
        control_status="DISABLED",
        disabled_reason="We handle password policies within Okta",
        opts = pulumi.ResourceOptions(depends_on=[cis_aws_foundations_benchmark]))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := securityhub.NewAccount(ctx, "example", nil)
    		if err != nil {
    			return err
    		}
    		cisAwsFoundationsBenchmark, err := securityhub.NewStandardsSubscription(ctx, "cis_aws_foundations_benchmark", &securityhub.StandardsSubscriptionArgs{
    			StandardsArn: pulumi.String("arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			example,
    		}))
    		if err != nil {
    			return err
    		}
    		_, err = securityhub.NewStandardsControl(ctx, "ensure_iam_password_policy_prevents_password_reuse", &securityhub.StandardsControlArgs{
    			StandardsControlArn: pulumi.String("arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10"),
    			ControlStatus:       pulumi.String("DISABLED"),
    			DisabledReason:      pulumi.String("We handle password policies within Okta"),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			cisAwsFoundationsBenchmark,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.SecurityHub.Account("example");
    
        var cisAwsFoundationsBenchmark = new Aws.SecurityHub.StandardsSubscription("cis_aws_foundations_benchmark", new()
        {
            StandardsArn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                example,
            },
        });
    
        var ensureIamPasswordPolicyPreventsPasswordReuse = new Aws.SecurityHub.StandardsControl("ensure_iam_password_policy_prevents_password_reuse", new()
        {
            StandardsControlArn = "arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10",
            ControlStatus = "DISABLED",
            DisabledReason = "We handle password policies within Okta",
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                cisAwsFoundationsBenchmark,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.securityhub.Account;
    import com.pulumi.aws.securityhub.StandardsSubscription;
    import com.pulumi.aws.securityhub.StandardsSubscriptionArgs;
    import com.pulumi.aws.securityhub.StandardsControl;
    import com.pulumi.aws.securityhub.StandardsControlArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Account("example");
    
            var cisAwsFoundationsBenchmark = new StandardsSubscription("cisAwsFoundationsBenchmark", StandardsSubscriptionArgs.builder()
                .standardsArn("arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(example)
                    .build());
    
            var ensureIamPasswordPolicyPreventsPasswordReuse = new StandardsControl("ensureIamPasswordPolicyPreventsPasswordReuse", StandardsControlArgs.builder()
                .standardsControlArn("arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10")
                .controlStatus("DISABLED")
                .disabledReason("We handle password policies within Okta")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(cisAwsFoundationsBenchmark)
                    .build());
    
        }
    }
    
    resources:
      example:
        type: aws:securityhub:Account
      cisAwsFoundationsBenchmark:
        type: aws:securityhub:StandardsSubscription
        name: cis_aws_foundations_benchmark
        properties:
          standardsArn: arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0
        options:
          dependson:
            - ${example}
      ensureIamPasswordPolicyPreventsPasswordReuse:
        type: aws:securityhub:StandardsControl
        name: ensure_iam_password_policy_prevents_password_reuse
        properties:
          standardsControlArn: arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10
          controlStatus: DISABLED
          disabledReason: We handle password policies within Okta
        options:
          dependson:
            - ${cisAwsFoundationsBenchmark}
    

    Create StandardsControl Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new StandardsControl(name: string, args: StandardsControlArgs, opts?: CustomResourceOptions);
    @overload
    def StandardsControl(resource_name: str,
                         args: StandardsControlArgs,
                         opts: Optional[ResourceOptions] = None)
    
    @overload
    def StandardsControl(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         control_status: Optional[str] = None,
                         standards_control_arn: Optional[str] = None,
                         disabled_reason: Optional[str] = None)
    func NewStandardsControl(ctx *Context, name string, args StandardsControlArgs, opts ...ResourceOption) (*StandardsControl, error)
    public StandardsControl(string name, StandardsControlArgs args, CustomResourceOptions? opts = null)
    public StandardsControl(String name, StandardsControlArgs args)
    public StandardsControl(String name, StandardsControlArgs args, CustomResourceOptions options)
    
    type: aws:securityhub:StandardsControl
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args StandardsControlArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args StandardsControlArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args StandardsControlArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args StandardsControlArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args StandardsControlArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var standardsControlResource = new Aws.SecurityHub.StandardsControl("standardsControlResource", new()
    {
        ControlStatus = "string",
        StandardsControlArn = "string",
        DisabledReason = "string",
    });
    
    example, err := securityhub.NewStandardsControl(ctx, "standardsControlResource", &securityhub.StandardsControlArgs{
    	ControlStatus:       pulumi.String("string"),
    	StandardsControlArn: pulumi.String("string"),
    	DisabledReason:      pulumi.String("string"),
    })
    
    var standardsControlResource = new StandardsControl("standardsControlResource", StandardsControlArgs.builder()
        .controlStatus("string")
        .standardsControlArn("string")
        .disabledReason("string")
        .build());
    
    standards_control_resource = aws.securityhub.StandardsControl("standardsControlResource",
        control_status="string",
        standards_control_arn="string",
        disabled_reason="string")
    
    const standardsControlResource = new aws.securityhub.StandardsControl("standardsControlResource", {
        controlStatus: "string",
        standardsControlArn: "string",
        disabledReason: "string",
    });
    
    type: aws:securityhub:StandardsControl
    properties:
        controlStatus: string
        disabledReason: string
        standardsControlArn: string
    

    StandardsControl Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The StandardsControl resource accepts the following input properties:

    ControlStatus string
    The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
    StandardsControlArn string
    The standards control ARN. See the AWS documentation for how to list existing controls using get-enabled-standards and describe-standards-controls.
    DisabledReason string
    A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.
    ControlStatus string
    The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
    StandardsControlArn string
    The standards control ARN. See the AWS documentation for how to list existing controls using get-enabled-standards and describe-standards-controls.
    DisabledReason string
    A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.
    controlStatus String
    The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
    standardsControlArn String
    The standards control ARN. See the AWS documentation for how to list existing controls using get-enabled-standards and describe-standards-controls.
    disabledReason String
    A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.
    controlStatus string
    The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
    standardsControlArn string
    The standards control ARN. See the AWS documentation for how to list existing controls using get-enabled-standards and describe-standards-controls.
    disabledReason string
    A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.
    control_status str
    The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
    standards_control_arn str
    The standards control ARN. See the AWS documentation for how to list existing controls using get-enabled-standards and describe-standards-controls.
    disabled_reason str
    A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.
    controlStatus String
    The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
    standardsControlArn String
    The standards control ARN. See the AWS documentation for how to list existing controls using get-enabled-standards and describe-standards-controls.
    disabledReason String
    A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the StandardsControl resource produces the following output properties:

    ControlId string
    The identifier of the security standard control.
    ControlStatusUpdatedAt string
    The date and time that the status of the security standard control was most recently updated.
    Description string
    The standard control longer description. Provides information about what the control is checking for.
    Id string
    The provider-assigned unique ID for this managed resource.
    RelatedRequirements List<string>
    The list of requirements that are related to this control.
    RemediationUrl string
    A link to remediation information for the control in the Security Hub user documentation.
    SeverityRating string
    The severity of findings generated from this security standard control.
    Title string
    The standard control title.
    ControlId string
    The identifier of the security standard control.
    ControlStatusUpdatedAt string
    The date and time that the status of the security standard control was most recently updated.
    Description string
    The standard control longer description. Provides information about what the control is checking for.
    Id string
    The provider-assigned unique ID for this managed resource.
    RelatedRequirements []string
    The list of requirements that are related to this control.
    RemediationUrl string
    A link to remediation information for the control in the Security Hub user documentation.
    SeverityRating string
    The severity of findings generated from this security standard control.
    Title string
    The standard control title.
    controlId String
    The identifier of the security standard control.
    controlStatusUpdatedAt String
    The date and time that the status of the security standard control was most recently updated.
    description String
    The standard control longer description. Provides information about what the control is checking for.
    id String
    The provider-assigned unique ID for this managed resource.
    relatedRequirements List<String>
    The list of requirements that are related to this control.
    remediationUrl String
    A link to remediation information for the control in the Security Hub user documentation.
    severityRating String
    The severity of findings generated from this security standard control.
    title String
    The standard control title.
    controlId string
    The identifier of the security standard control.
    controlStatusUpdatedAt string
    The date and time that the status of the security standard control was most recently updated.
    description string
    The standard control longer description. Provides information about what the control is checking for.
    id string
    The provider-assigned unique ID for this managed resource.
    relatedRequirements string[]
    The list of requirements that are related to this control.
    remediationUrl string
    A link to remediation information for the control in the Security Hub user documentation.
    severityRating string
    The severity of findings generated from this security standard control.
    title string
    The standard control title.
    control_id str
    The identifier of the security standard control.
    control_status_updated_at str
    The date and time that the status of the security standard control was most recently updated.
    description str
    The standard control longer description. Provides information about what the control is checking for.
    id str
    The provider-assigned unique ID for this managed resource.
    related_requirements Sequence[str]
    The list of requirements that are related to this control.
    remediation_url str
    A link to remediation information for the control in the Security Hub user documentation.
    severity_rating str
    The severity of findings generated from this security standard control.
    title str
    The standard control title.
    controlId String
    The identifier of the security standard control.
    controlStatusUpdatedAt String
    The date and time that the status of the security standard control was most recently updated.
    description String
    The standard control longer description. Provides information about what the control is checking for.
    id String
    The provider-assigned unique ID for this managed resource.
    relatedRequirements List<String>
    The list of requirements that are related to this control.
    remediationUrl String
    A link to remediation information for the control in the Security Hub user documentation.
    severityRating String
    The severity of findings generated from this security standard control.
    title String
    The standard control title.

    Look up Existing StandardsControl Resource

    Get an existing StandardsControl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: StandardsControlState, opts?: CustomResourceOptions): StandardsControl
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            control_id: Optional[str] = None,
            control_status: Optional[str] = None,
            control_status_updated_at: Optional[str] = None,
            description: Optional[str] = None,
            disabled_reason: Optional[str] = None,
            related_requirements: Optional[Sequence[str]] = None,
            remediation_url: Optional[str] = None,
            severity_rating: Optional[str] = None,
            standards_control_arn: Optional[str] = None,
            title: Optional[str] = None) -> StandardsControl
    func GetStandardsControl(ctx *Context, name string, id IDInput, state *StandardsControlState, opts ...ResourceOption) (*StandardsControl, error)
    public static StandardsControl Get(string name, Input<string> id, StandardsControlState? state, CustomResourceOptions? opts = null)
    public static StandardsControl get(String name, Output<String> id, StandardsControlState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    ControlId string
    The identifier of the security standard control.
    ControlStatus string
    The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
    ControlStatusUpdatedAt string
    The date and time that the status of the security standard control was most recently updated.
    Description string
    The standard control longer description. Provides information about what the control is checking for.
    DisabledReason string
    A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.
    RelatedRequirements List<string>
    The list of requirements that are related to this control.
    RemediationUrl string
    A link to remediation information for the control in the Security Hub user documentation.
    SeverityRating string
    The severity of findings generated from this security standard control.
    StandardsControlArn string
    The standards control ARN. See the AWS documentation for how to list existing controls using get-enabled-standards and describe-standards-controls.
    Title string
    The standard control title.
    ControlId string
    The identifier of the security standard control.
    ControlStatus string
    The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
    ControlStatusUpdatedAt string
    The date and time that the status of the security standard control was most recently updated.
    Description string
    The standard control longer description. Provides information about what the control is checking for.
    DisabledReason string
    A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.
    RelatedRequirements []string
    The list of requirements that are related to this control.
    RemediationUrl string
    A link to remediation information for the control in the Security Hub user documentation.
    SeverityRating string
    The severity of findings generated from this security standard control.
    StandardsControlArn string
    The standards control ARN. See the AWS documentation for how to list existing controls using get-enabled-standards and describe-standards-controls.
    Title string
    The standard control title.
    controlId String
    The identifier of the security standard control.
    controlStatus String
    The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
    controlStatusUpdatedAt String
    The date and time that the status of the security standard control was most recently updated.
    description String
    The standard control longer description. Provides information about what the control is checking for.
    disabledReason String
    A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.
    relatedRequirements List<String>
    The list of requirements that are related to this control.
    remediationUrl String
    A link to remediation information for the control in the Security Hub user documentation.
    severityRating String
    The severity of findings generated from this security standard control.
    standardsControlArn String
    The standards control ARN. See the AWS documentation for how to list existing controls using get-enabled-standards and describe-standards-controls.
    title String
    The standard control title.
    controlId string
    The identifier of the security standard control.
    controlStatus string
    The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
    controlStatusUpdatedAt string
    The date and time that the status of the security standard control was most recently updated.
    description string
    The standard control longer description. Provides information about what the control is checking for.
    disabledReason string
    A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.
    relatedRequirements string[]
    The list of requirements that are related to this control.
    remediationUrl string
    A link to remediation information for the control in the Security Hub user documentation.
    severityRating string
    The severity of findings generated from this security standard control.
    standardsControlArn string
    The standards control ARN. See the AWS documentation for how to list existing controls using get-enabled-standards and describe-standards-controls.
    title string
    The standard control title.
    control_id str
    The identifier of the security standard control.
    control_status str
    The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
    control_status_updated_at str
    The date and time that the status of the security standard control was most recently updated.
    description str
    The standard control longer description. Provides information about what the control is checking for.
    disabled_reason str
    A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.
    related_requirements Sequence[str]
    The list of requirements that are related to this control.
    remediation_url str
    A link to remediation information for the control in the Security Hub user documentation.
    severity_rating str
    The severity of findings generated from this security standard control.
    standards_control_arn str
    The standards control ARN. See the AWS documentation for how to list existing controls using get-enabled-standards and describe-standards-controls.
    title str
    The standard control title.
    controlId String
    The identifier of the security standard control.
    controlStatus String
    The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
    controlStatusUpdatedAt String
    The date and time that the status of the security standard control was most recently updated.
    description String
    The standard control longer description. Provides information about what the control is checking for.
    disabledReason String
    A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.
    relatedRequirements List<String>
    The list of requirements that are related to this control.
    remediationUrl String
    A link to remediation information for the control in the Security Hub user documentation.
    severityRating String
    The severity of findings generated from this security standard control.
    standardsControlArn String
    The standards control ARN. See the AWS documentation for how to list existing controls using get-enabled-standards and describe-standards-controls.
    title String
    The standard control title.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.42.0 published on Wednesday, Jun 26, 2024 by Pulumi