AWS Classic v5.41.0, May 15 23

aws.securityhub.StandardsControl

Explore with Pulumi AI

Disable/enable Security Hub standards control in the current region.

The aws.securityhub.StandardsControl behaves differently from normal resources, in that The provider does not create this resource, but instead “adopts” it into management. When you delete this resource configuration, the provider “abandons” resource as is and just removes it from the state.

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.SecurityHub.Account("example");

    var cisAwsFoundationsBenchmark = new Aws.SecurityHub.StandardsSubscription("cisAwsFoundationsBenchmark", new()
    {
        StandardsArn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
    }, new CustomResourceOptions
    {
        DependsOn = new[]
        {
            example,
        },
    });

    var ensureIamPasswordPolicyPreventsPasswordReuse = new Aws.SecurityHub.StandardsControl("ensureIamPasswordPolicyPreventsPasswordReuse", new()
    {
        StandardsControlArn = "arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10",
        ControlStatus = "DISABLED",
        DisabledReason = "We handle password policies within Okta",
    }, new CustomResourceOptions
    {
        DependsOn = new[]
        {
            cisAwsFoundationsBenchmark,
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/securityhub"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := securityhub.NewAccount(ctx, "example", nil)
		if err != nil {
			return err
		}
		cisAwsFoundationsBenchmark, err := securityhub.NewStandardsSubscription(ctx, "cisAwsFoundationsBenchmark", &securityhub.StandardsSubscriptionArgs{
			StandardsArn: pulumi.String("arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"),
		}, pulumi.DependsOn([]pulumi.Resource{
			example,
		}))
		if err != nil {
			return err
		}
		_, err = securityhub.NewStandardsControl(ctx, "ensureIamPasswordPolicyPreventsPasswordReuse", &securityhub.StandardsControlArgs{
			StandardsControlArn: pulumi.String("arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10"),
			ControlStatus:       pulumi.String("DISABLED"),
			DisabledReason:      pulumi.String("We handle password policies within Okta"),
		}, pulumi.DependsOn([]pulumi.Resource{
			cisAwsFoundationsBenchmark,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.securityhub.Account;
import com.pulumi.aws.securityhub.StandardsSubscription;
import com.pulumi.aws.securityhub.StandardsSubscriptionArgs;
import com.pulumi.aws.securityhub.StandardsControl;
import com.pulumi.aws.securityhub.StandardsControlArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Account("example");

        var cisAwsFoundationsBenchmark = new StandardsSubscription("cisAwsFoundationsBenchmark", StandardsSubscriptionArgs.builder()        
            .standardsArn("arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0")
            .build(), CustomResourceOptions.builder()
                .dependsOn(example)
                .build());

        var ensureIamPasswordPolicyPreventsPasswordReuse = new StandardsControl("ensureIamPasswordPolicyPreventsPasswordReuse", StandardsControlArgs.builder()        
            .standardsControlArn("arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10")
            .controlStatus("DISABLED")
            .disabledReason("We handle password policies within Okta")
            .build(), CustomResourceOptions.builder()
                .dependsOn(cisAwsFoundationsBenchmark)
                .build());

    }
}

import pulumi
import pulumi_aws as aws

example = aws.securityhub.Account("example")
cis_aws_foundations_benchmark = aws.securityhub.StandardsSubscription("cisAwsFoundationsBenchmark", standards_arn="arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
opts=pulumi.ResourceOptions(depends_on=[example]))
ensure_iam_password_policy_prevents_password_reuse = aws.securityhub.StandardsControl("ensureIamPasswordPolicyPreventsPasswordReuse",
    standards_control_arn="arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10",
    control_status="DISABLED",
    disabled_reason="We handle password policies within Okta",
    opts=pulumi.ResourceOptions(depends_on=[cis_aws_foundations_benchmark]))

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.securityhub.Account("example", {});
const cisAwsFoundationsBenchmark = new aws.securityhub.StandardsSubscription("cisAwsFoundationsBenchmark", {standardsArn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"}, {
    dependsOn: [example],
});
const ensureIamPasswordPolicyPreventsPasswordReuse = new aws.securityhub.StandardsControl("ensureIamPasswordPolicyPreventsPasswordReuse", {
    standardsControlArn: "arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10",
    controlStatus: "DISABLED",
    disabledReason: "We handle password policies within Okta",
}, {
    dependsOn: [cisAwsFoundationsBenchmark],
});

resources:
  example:
    type: aws:securityhub:Account
  cisAwsFoundationsBenchmark:
    type: aws:securityhub:StandardsSubscription
    properties:
      standardsArn: arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0
    options:
      dependson:
        - ${example}
  ensureIamPasswordPolicyPreventsPasswordReuse:
    type: aws:securityhub:StandardsControl
    properties:
      standardsControlArn: arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10
      controlStatus: DISABLED
      disabledReason: We handle password policies within Okta
    options:
      dependson:
        - ${cisAwsFoundationsBenchmark}

Create StandardsControl Resource

new StandardsControl(name: string, args: StandardsControlArgs, opts?: CustomResourceOptions);

@overload
def StandardsControl(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     control_status: Optional[str] = None,
                     disabled_reason: Optional[str] = None,
                     standards_control_arn: Optional[str] = None)
@overload
def StandardsControl(resource_name: str,
                     args: StandardsControlArgs,
                     opts: Optional[ResourceOptions] = None)

func NewStandardsControl(ctx *Context, name string, args StandardsControlArgs, opts ...ResourceOption) (*StandardsControl, error)

public StandardsControl(string name, StandardsControlArgs args, CustomResourceOptions? opts = null)

public StandardsControl(String name, StandardsControlArgs args)
public StandardsControl(String name, StandardsControlArgs args, CustomResourceOptions options)

type: aws:securityhub:StandardsControl
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args StandardsControlArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args StandardsControlArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args StandardsControlArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args StandardsControlArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args StandardsControlArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

StandardsControl Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The StandardsControl resource accepts the following input properties:

ControlStatus string: The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
StandardsControlArn string: The standards control ARN.
DisabledReason string: A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.

ControlStatus string: The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
StandardsControlArn string: The standards control ARN.
DisabledReason string: A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.

controlStatus String: The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
standardsControlArn String: The standards control ARN.
disabledReason String: A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.

controlStatus string: The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
standardsControlArn string: The standards control ARN.
disabledReason string: A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.

control_status str: The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
standards_control_arn str: The standards control ARN.
disabled_reason str: A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.

controlStatus String: The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
standardsControlArn String: The standards control ARN.
disabledReason String: A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.

Outputs

All input properties are implicitly available as output properties. Additionally, the StandardsControl resource produces the following output properties:

ControlId string: The identifier of the security standard control.
ControlStatusUpdatedAt string: The date and time that the status of the security standard control was most recently updated.
Description string: The standard control longer description. Provides information about what the control is checking for.
Id string: The provider-assigned unique ID for this managed resource.
RelatedRequirements List<string>: The list of requirements that are related to this control.
RemediationUrl string: A link to remediation information for the control in the Security Hub user documentation.
SeverityRating string: The severity of findings generated from this security standard control.
Title string: The standard control title.

ControlId string: The identifier of the security standard control.
ControlStatusUpdatedAt string: The date and time that the status of the security standard control was most recently updated.
Description string: The standard control longer description. Provides information about what the control is checking for.
Id string: The provider-assigned unique ID for this managed resource.
RelatedRequirements []string: The list of requirements that are related to this control.
RemediationUrl string: A link to remediation information for the control in the Security Hub user documentation.
SeverityRating string: The severity of findings generated from this security standard control.
Title string: The standard control title.

controlId String: The identifier of the security standard control.
controlStatusUpdatedAt String: The date and time that the status of the security standard control was most recently updated.
description String: The standard control longer description. Provides information about what the control is checking for.
id String: The provider-assigned unique ID for this managed resource.
relatedRequirements List<String>: The list of requirements that are related to this control.
remediationUrl String: A link to remediation information for the control in the Security Hub user documentation.
severityRating String: The severity of findings generated from this security standard control.
title String: The standard control title.

controlId string: The identifier of the security standard control.
controlStatusUpdatedAt string: The date and time that the status of the security standard control was most recently updated.
description string: The standard control longer description. Provides information about what the control is checking for.
id string: The provider-assigned unique ID for this managed resource.
relatedRequirements string[]: The list of requirements that are related to this control.
remediationUrl string: A link to remediation information for the control in the Security Hub user documentation.
severityRating string: The severity of findings generated from this security standard control.
title string: The standard control title.

control_id str: The identifier of the security standard control.
control_status_updated_at str: The date and time that the status of the security standard control was most recently updated.
description str: The standard control longer description. Provides information about what the control is checking for.
id str: The provider-assigned unique ID for this managed resource.
related_requirements Sequence[str]: The list of requirements that are related to this control.
remediation_url str: A link to remediation information for the control in the Security Hub user documentation.
severity_rating str: The severity of findings generated from this security standard control.
title str: The standard control title.

controlId String: The identifier of the security standard control.
controlStatusUpdatedAt String: The date and time that the status of the security standard control was most recently updated.
description String: The standard control longer description. Provides information about what the control is checking for.
id String: The provider-assigned unique ID for this managed resource.
relatedRequirements List<String>: The list of requirements that are related to this control.
remediationUrl String: A link to remediation information for the control in the Security Hub user documentation.
severityRating String: The severity of findings generated from this security standard control.
title String: The standard control title.

Look up Existing StandardsControl Resource

Get an existing StandardsControl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: StandardsControlState, opts?: CustomResourceOptions): StandardsControl

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        control_id: Optional[str] = None,
        control_status: Optional[str] = None,
        control_status_updated_at: Optional[str] = None,
        description: Optional[str] = None,
        disabled_reason: Optional[str] = None,
        related_requirements: Optional[Sequence[str]] = None,
        remediation_url: Optional[str] = None,
        severity_rating: Optional[str] = None,
        standards_control_arn: Optional[str] = None,
        title: Optional[str] = None) -> StandardsControl

func GetStandardsControl(ctx *Context, name string, id IDInput, state *StandardsControlState, opts ...ResourceOption) (*StandardsControl, error)

public static StandardsControl Get(string name, Input<string> id, StandardsControlState? state, CustomResourceOptions? opts = null)

public static StandardsControl get(String name, Output<String> id, StandardsControlState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

ControlId string: The identifier of the security standard control.
ControlStatus string: The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
ControlStatusUpdatedAt string: The date and time that the status of the security standard control was most recently updated.
Description string: The standard control longer description. Provides information about what the control is checking for.
DisabledReason string: A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.
RelatedRequirements List<string>: The list of requirements that are related to this control.
RemediationUrl string: A link to remediation information for the control in the Security Hub user documentation.
SeverityRating string: The severity of findings generated from this security standard control.
StandardsControlArn string: The standards control ARN.
Title string: The standard control title.

ControlId string: The identifier of the security standard control.
ControlStatus string: The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
ControlStatusUpdatedAt string: The date and time that the status of the security standard control was most recently updated.
Description string: The standard control longer description. Provides information about what the control is checking for.
DisabledReason string: A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.
RelatedRequirements []string: The list of requirements that are related to this control.
RemediationUrl string: A link to remediation information for the control in the Security Hub user documentation.
SeverityRating string: The severity of findings generated from this security standard control.
StandardsControlArn string: The standards control ARN.
Title string: The standard control title.

controlId String: The identifier of the security standard control.
controlStatus String: The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
controlStatusUpdatedAt String: The date and time that the status of the security standard control was most recently updated.
description String: The standard control longer description. Provides information about what the control is checking for.
disabledReason String: A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.
relatedRequirements List<String>: The list of requirements that are related to this control.
remediationUrl String: A link to remediation information for the control in the Security Hub user documentation.
severityRating String: The severity of findings generated from this security standard control.
standardsControlArn String: The standards control ARN.
title String: The standard control title.

controlId string: The identifier of the security standard control.
controlStatus string: The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
controlStatusUpdatedAt string: The date and time that the status of the security standard control was most recently updated.
description string: The standard control longer description. Provides information about what the control is checking for.
disabledReason string: A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.
relatedRequirements string[]: The list of requirements that are related to this control.
remediationUrl string: A link to remediation information for the control in the Security Hub user documentation.
severityRating string: The severity of findings generated from this security standard control.
standardsControlArn string: The standards control ARN.
title string: The standard control title.

control_id str: The identifier of the security standard control.
control_status str: The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
control_status_updated_at str: The date and time that the status of the security standard control was most recently updated.
description str: The standard control longer description. Provides information about what the control is checking for.
disabled_reason str: A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.
related_requirements Sequence[str]: The list of requirements that are related to this control.
remediation_url str: A link to remediation information for the control in the Security Hub user documentation.
severity_rating str: The severity of findings generated from this security standard control.
standards_control_arn str: The standards control ARN.
title str: The standard control title.

controlId String: The identifier of the security standard control.
controlStatus String: The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
controlStatusUpdatedAt String: The date and time that the status of the security standard control was most recently updated.
description String: The standard control longer description. Provides information about what the control is checking for.
disabledReason String: A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.
relatedRequirements List<String>: The list of requirements that are related to this control.
remediationUrl String: A link to remediation information for the control in the Security Hub user documentation.
severityRating String: The severity of findings generated from this security standard control.
standardsControlArn String: The standards control ARN.
title String: The standard control title.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.