Viewing docs for AWS v7.28.0
published on Thursday, Apr 30, 2026 by Pulumi
published on Thursday, Apr 30, 2026 by Pulumi
Viewing docs for AWS v7.28.0
published on Thursday, Apr 30, 2026 by Pulumi
published on Thursday, Apr 30, 2026 by Pulumi
Lists security controls.
Example Usage
All Controls
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.securityhub.getSecurityControls({});
import pulumi
import pulumi_aws as aws
example = aws.securityhub.get_security_controls()
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/securityhub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityhub.GetSecurityControls(ctx, &securityhub.GetSecurityControlsArgs{}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = Aws.SecurityHub.GetSecurityControls.Invoke();
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.securityhub.SecurityhubFunctions;
import com.pulumi.aws.securityhub.inputs.GetSecurityControlsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = SecurityhubFunctions.getSecurityControls(GetSecurityControlsArgs.builder()
.build());
}
}
variables:
example:
fn::invoke:
function: aws:securityhub:getSecurityControls
arguments: {}
HIGH or CRITICAL Severity Controls
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as std from "@pulumi/std";
const example = aws.securityhub.getSecurityControls({});
export const securityControlDefinitions = Promise.all([example, std.contains({
input: [
"HIGH",
"CRITICAL",
],
element: d.severityRating,
})]).then(([example, invoke]) => .filter(d => invoke.result).map(d => (d)));
import pulumi
import pulumi_aws as aws
import pulumi_std as std
example = aws.securityhub.get_security_controls()
pulumi.export("securityControlDefinitions", [d for d in example.security_control_definitions if std.contains(input=[
"HIGH",
"CRITICAL",
],
element=d.severity_rating).result])
Example coming soon!
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var example = Aws.SecurityHub.GetSecurityControls.Invoke();
return new Dictionary<string, object?>
{
["securityControlDefinitions"] = Output.Tuple(example, Std.Index.Contains.Invoke(new()
{
Input = new[]
{
"HIGH",
"CRITICAL",
},
Element = d.SeverityRating,
})).Apply(values =>
{
var example = values.Item1;
var invoke = values.Item2;
return ;
}),
};
});
Example coming soon!
Example coming soon!
Using getSecurityControls
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecurityControls(args: GetSecurityControlsArgs, opts?: InvokeOptions): Promise<GetSecurityControlsResult>
function getSecurityControlsOutput(args: GetSecurityControlsOutputArgs, opts?: InvokeOptions): Output<GetSecurityControlsResult>def get_security_controls(region: Optional[str] = None,
standards_arn: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetSecurityControlsResult
def get_security_controls_output(region: Optional[pulumi.Input[str]] = None,
standards_arn: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSecurityControlsResult]func GetSecurityControls(ctx *Context, args *GetSecurityControlsArgs, opts ...InvokeOption) (*GetSecurityControlsResult, error)
func GetSecurityControlsOutput(ctx *Context, args *GetSecurityControlsOutputArgs, opts ...InvokeOption) GetSecurityControlsResultOutput> Note: This function is named GetSecurityControls in the Go SDK.
public static class GetSecurityControls
{
public static Task<GetSecurityControlsResult> InvokeAsync(GetSecurityControlsArgs args, InvokeOptions? opts = null)
public static Output<GetSecurityControlsResult> Invoke(GetSecurityControlsInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetSecurityControlsResult> getSecurityControls(GetSecurityControlsArgs args, InvokeOptions options)
public static Output<GetSecurityControlsResult> getSecurityControls(GetSecurityControlsArgs args, InvokeOptions options)
fn::invoke:
function: aws:securityhub/getSecurityControls:getSecurityControls
arguments:
# arguments dictionaryThe following arguments are supported:
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Standards
Arn string - ARN of the standard that you want to list controls for. If omitted, all controls are returned.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Standards
Arn string - ARN of the standard that you want to list controls for. If omitted, all controls are returned.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- standards
Arn String - ARN of the standard that you want to list controls for. If omitted, all controls are returned.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- standards
Arn string - ARN of the standard that you want to list controls for. If omitted, all controls are returned.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- standards_
arn str - ARN of the standard that you want to list controls for. If omitted, all controls are returned.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- standards
Arn String - ARN of the standard that you want to list controls for. If omitted, all controls are returned.
getSecurityControls Result
The following output properties are available:
- Id string
- The provider-assigned unique ID for this managed resource.
- Region string
- Security
Control List<GetDefinitions Security Controls Security Control Definition> - List of controls. See below for details.
- Standards
Arn string
- Id string
- The provider-assigned unique ID for this managed resource.
- Region string
- Security
Control []GetDefinitions Security Controls Security Control Definition - List of controls. See below for details.
- Standards
Arn string
- id String
- The provider-assigned unique ID for this managed resource.
- region String
- security
Control List<GetDefinitions Security Controls Security Control Definition> - List of controls. See below for details.
- standards
Arn String
- id string
- The provider-assigned unique ID for this managed resource.
- region string
- security
Control GetDefinitions Security Controls Security Control Definition[] - List of controls. See below for details.
- standards
Arn string
- id str
- The provider-assigned unique ID for this managed resource.
- region str
- security_
control_ Sequence[Getdefinitions Security Controls Security Control Definition] - List of controls. See below for details.
- standards_
arn str
- id String
- The provider-assigned unique ID for this managed resource.
- region String
- security
Control List<Property Map>Definitions - List of controls. See below for details.
- standards
Arn String
Supporting Types
GetSecurityControlsSecurityControlDefinition
- string
- Whether the security control is available in the current AWS Region. Valid values:
AVAILABLE,UNAVAILABLE. - Customizable
Properties List<string> - Security control properties that you can customize.
- Description string
- Description of the security control across standards.
- Remediation
Url string - Link to Security Hub CSPM documentation that explains how to remediate a failed finding for the security control.
- Security
Control stringId - Unique identifier of the security control across standards.
- Severity
Rating string - Severity of the security control. Valid values:
LOW,MEDIUM,HIGH,CRITICAL. - Title string
- Title of the security control.
- string
- Whether the security control is available in the current AWS Region. Valid values:
AVAILABLE,UNAVAILABLE. - Customizable
Properties []string - Security control properties that you can customize.
- Description string
- Description of the security control across standards.
- Remediation
Url string - Link to Security Hub CSPM documentation that explains how to remediate a failed finding for the security control.
- Security
Control stringId - Unique identifier of the security control across standards.
- Severity
Rating string - Severity of the security control. Valid values:
LOW,MEDIUM,HIGH,CRITICAL. - Title string
- Title of the security control.
- String
- Whether the security control is available in the current AWS Region. Valid values:
AVAILABLE,UNAVAILABLE. - customizable
Properties List<String> - Security control properties that you can customize.
- description String
- Description of the security control across standards.
- remediation
Url String - Link to Security Hub CSPM documentation that explains how to remediate a failed finding for the security control.
- security
Control StringId - Unique identifier of the security control across standards.
- severity
Rating String - Severity of the security control. Valid values:
LOW,MEDIUM,HIGH,CRITICAL. - title String
- Title of the security control.
- string
- Whether the security control is available in the current AWS Region. Valid values:
AVAILABLE,UNAVAILABLE. - customizable
Properties string[] - Security control properties that you can customize.
- description string
- Description of the security control across standards.
- remediation
Url string - Link to Security Hub CSPM documentation that explains how to remediate a failed finding for the security control.
- security
Control stringId - Unique identifier of the security control across standards.
- severity
Rating string - Severity of the security control. Valid values:
LOW,MEDIUM,HIGH,CRITICAL. - title string
- Title of the security control.
- current_
region_ stravailability - Whether the security control is available in the current AWS Region. Valid values:
AVAILABLE,UNAVAILABLE. - customizable_
properties Sequence[str] - Security control properties that you can customize.
- description str
- Description of the security control across standards.
- remediation_
url str - Link to Security Hub CSPM documentation that explains how to remediate a failed finding for the security control.
- security_
control_ strid - Unique identifier of the security control across standards.
- severity_
rating str - Severity of the security control. Valid values:
LOW,MEDIUM,HIGH,CRITICAL. - title str
- Title of the security control.
- String
- Whether the security control is available in the current AWS Region. Valid values:
AVAILABLE,UNAVAILABLE. - customizable
Properties List<String> - Security control properties that you can customize.
- description String
- Description of the security control across standards.
- remediation
Url String - Link to Security Hub CSPM documentation that explains how to remediate a failed finding for the security control.
- security
Control StringId - Unique identifier of the security control across standards.
- severity
Rating String - Severity of the security control. Valid values:
LOW,MEDIUM,HIGH,CRITICAL. - title String
- Title of the security control.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.
Viewing docs for AWS v7.28.0
published on Thursday, Apr 30, 2026 by Pulumi
published on Thursday, Apr 30, 2026 by Pulumi
