AWS::SecurityHub::ConfigurationPolicy SecurityHubPolicy - AWS CloudFormation

An object that defines how AWS Security Hub CSPM is configured. The configuration policy includes whether Security Hub CSPM is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub CSPM disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub CSPM enables all other controls (including newly released controls).

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

Properties

EnabledStandardIdentifiers

A list that defines which security standards are enabled in the configuration policy.

This property is required only if ServiceEnabled is set to true in your configuration policy.

Required: Conditional

Type: Array of String

Maximum: 2048 | 1000

Update requires: No interruption

SecurityControlsConfiguration

An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

This property is required only if ServiceEnabled is set to true in your configuration policy.

Required: Conditional

Type: SecurityControlsConfiguration

Update requires: No interruption

ServiceEnabled

Indicates whether Security Hub CSPM is enabled in the policy.

Required: No

Type: Boolean

Update requires: No interruption
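
The conditional requirements and the enabled-versus-disabled list behavior described above can be checked before a template is deployed. The following lint function is an added example, not part of the AWS reference. It takes a SecurityHubPolicy mapping already parsed from a template, handles literal values only (intrinsic functions are not resolved), and assumes the EnabledSecurityControlIdentifiers and DisabledSecurityControlIdentifiers property names of the SecurityControlsConfiguration type, which this page references but does not list.

```python
def _is_true(value):
    # CloudFormation templates may write booleans as true or "true".
    return value is True or str(value).lower() == "true"

def lint_security_hub_policy(policy):
    """Return (severity, message) findings for one SecurityHubPolicy mapping."""
    findings = []
    standards = policy.get("EnabledStandardIdentifiers")
    controls = policy.get("SecurityControlsConfiguration")

    if _is_true(policy.get("ServiceEnabled")):
        # Both properties become required once ServiceEnabled is true.
        if standards is None:
            findings.append(("ERROR", "EnabledStandardIdentifiers missing while ServiceEnabled is true"))
        if controls is None:
            findings.append(("ERROR", "SecurityControlsConfiguration missing while ServiceEnabled is true"))
    elif "ServiceEnabled" in policy:
        findings.append(("WARN", "ServiceEnabled is false: policy turns Security Hub CSPM off"))

    controls = controls or {}
    allow = controls.get("EnabledSecurityControlIdentifiers")
    deny = controls.get("DisabledSecurityControlIdentifiers")
    if allow is not None and deny is not None:
        # Assumption: the two lists are alternatives, so setting both is flagged.
        findings.append(("ERROR", "set only one of the enabled/disabled control lists"))
    elif allow is not None:
        # An enabled list disables everything else, so new controls never turn on.
        findings.append(("WARN", "enabled-controls list: every other control, "
                                 "including newly released ones, is disabled"))
    return findings

# Constructed sample policies (not from the page).
STANDARD = ("arn:aws:securityhub:us-east-1::standards/"
            "aws-foundational-security-best-practices/v/1.0.0")
ALLOW_LIST_POLICY = {
    "ServiceEnabled": True,
    "EnabledStandardIdentifiers": [STANDARD],
    "SecurityControlsConfiguration": {
        "EnabledSecurityControlIdentifiers": ["CloudTrail.1", "IAM.1"]},
}
DENY_LIST_POLICY = {
    "ServiceEnabled": True,
    "EnabledStandardIdentifiers": [STANDARD],
    "SecurityControlsConfiguration": {
        "DisabledSecurityControlIdentifiers": ["CloudTrail.1"]},
}

if __name__ == "__main__":
    for name, pol in [("allow-list", ALLOW_LIST_POLICY), ("deny-list", DENY_LIST_POLICY)]:
        print(name, lint_security_hub_policy(pol))
```

A policy built on a disabled-controls list passes cleanly, while one built on an enabled-controls list draws a warning because controls released later stay off until someone adds them to the list.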